2017-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, configure.ac, m4/hooks.m4: bumped version

2017-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-05 Alex Gaynor <alex.gaynor@gmail.com>

* lib/opencdk/read-packet.c: Enforce the max packet length for
OpenPGP subpackets as well
This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-03-01 Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
lib/opencdk/opencdk.h, lib/opencdk/read-packet.c,
lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
lib/openpgp/privkey.c: opencdk: do not parse any secret keys in
packet when reading a certificate
This reduces the attack surface on the parsers, and prevents any
bugs in the secret key parser from being exploitable by inserting secret
key sub-packets into an openpgp certificate.
This addresses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/crt_apis.c: tests: backported crt_apis
from master branch
In addition to other APIs, this explicitly tests
gnutls_x509_crt_set_subject_unique_id() and
gnutls_x509_crt_set_issuer_unique_id().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-cfg.c: certtool: increased buffer for reading from
user
This allows reading longer than 128-byte fields interactively. The
new limit is 512-bytes. Relates #179
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/pkcs11/pkcs11-import-with-pin.c: tests:
added PKCS#11 test for pin input
This introduces a test on PIN input to retrieve an object using
pin-value and pin-source (file).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/utils.c, tests/utils.h: tests: utils: added ability to use
tmpfiles
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/pkcs11/pkcs11-pubkey-import-rsa.c,
tests/pkcs11/pkcs11-pubkey-import.c: tests: backported PKCS#11 test
In addition to public key import checks, this test ensures that the
pin-value attribute is functional.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
available in p11-kit
This allows parsing the pin-value attribute of the PKCS#11 URI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/nettle/pk.c: nettle/pk: added error checking in
_rsa_params_to_pubkey
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/nettle/pk.c: nettle/pk: corrected memcpy of Q in DSA params
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/read-packet.c: opencdk/read-packet.c: corrected typo
in type cast
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/read-packet.c: cdk_pkt_read: enforce packet limits
That ensures that there are no overflows in the subsequent
calculations. Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
Relates: #159
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2: Always return an
initialized pointer
When returning success, but no elements,
gnutls_pkcs11_obj_list_import_url4, could have returned zero number
of elements with a pointer that was uninitialized. Ensure that an
initialized (i.e., null in that case), pointer is always returned.
Reported by Jeremy Harris.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/read-packet.c: opencdk: improved error code checking
in the stream reading functions
This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/Makefile.am, tests/key-tests/Makefile.am: tests:
do not run key-tests and cert-tests under leak sanitizer
The reason is that we cannot distinguish between a memory leak on
application failure (which is followed by exit- thus should be
ignored) and an address sanitizer issue (which should never be
ignored). As such we disable leak detection with asan and rely on
valgrind.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/key-tests/Makefile.am: tests: added missing file

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: .gitlab-ci.yml: Build and Check - separate build
dir (x86): force build in gitlab shared runners
In the Centos7 based runners there is an issue running autogen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore, src/Makefile.am: tools: use stamp files to allow
parallel build of autogen files
Autogen seems to output on the created files gradually, something
that makes 'make' believe that the command is complete prior to the
output file being fully populated. The current approach uses stamp
files to ensure that no incomplete files are used for compilation.

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: doc update [ci skip]

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, doc/Makefile.am, doc/manpages/Makefile.am, symbols.last:
updated auto-generated files

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac, m4/hooks.m4: bumped version

2017-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: doc update [ci skip]

2017-01-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/read-packet.c: opencdk: added error checking in the
stream reading functions
This addresses an out of memory error. Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/pubkey.c: opencdk: cdk_pk_get_keyid: fix stack
overflow
Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/read-packet.c: opencdk: read_attribute: added more
precise checks when reading stream
That addresses heap read overflows found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-01 Alex Gaynor <alex.gaynor@gmail.com>

* lib/opencdk/read-packet.c: Corrected a leak in OpenPGP sub-packet
parsing.
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2016-12-30 Alex Gaynor <alex.gaynor@gmail.com>

* lib/opencdk/read-packet.c: Attempt to fix a leak in OpenPGP cert

2016-12-26 Alex Gaynor <alex.gaynor@gmail.com>

* lib/opencdk/read-packet.c: Do not infinite loop if an EOF occurs
while skipping a PGP packet
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior
(found with libubsan)

2017-01-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/auth/rsa.c: auth rsa: eliminated memory leak on pkcs-1
formatting attack path
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>

* NEWS: doc update [ci skip]

2016-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: pkcs11 verification: ensure that an issuer we
retrieve is not blacklisted
It may happen in p11-kit trust module that a trusted certificate is
both in the trusted set, and the blacklisted set. To avoid accepting
a certificate when in both sets, we always check whether a trusted
issuer certificate is in the blacklisted set.

2016-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/certtool.c: certtool: improved error reporting on file error

2016-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: doc update [ci skip]

2016-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/x509_ext.c: gnutls_x509_ext_import_proxy: fix issue
reading the policy language
If the language was set but the policy wasn't, that could lead to a
double free, as the value returned to the user was freed.

2016-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* : commit 5ca126e1a5daf071ce690f28823fa97de6a7ae68 Author: Nikos
Mavrogiannopoulos <nmav@redhat.com> Date: Thu Dec 15 17:05:59 2016

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/pkcs8-key-decode-encrypted.c,
tests/pkcs8-key-decode.c: tests: added test for PKCS#8 encrypted key
decoding
This also verifies that the return value when attempting to decrypt
without a password is GNUTLS_E_DECRYPTION_FAILED.

2016-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/key-tests/Makefile.am, tests/key-tests/pkcs8-invalid: tests:
added test suite with PKCS#8 files that have invalid encryption

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c: PKCS#7 decrypt_data: merge all errors
during decryption to GNUTLS_E_DECRYPTION_FAILED

2016-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c: pkcs8: ensure that the correct error
code is returned on decryption failure

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: added sanity check
on padding size
Relates #148

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: fail without leak

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c: PKCS#5,7 decryption: fail early on

2016-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS#5,7
decryption: enforce limits in the support parameter sizes
This allows to detect invalid parameters early rather than later.

2016-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-07-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign

2016-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/tpmtool.c: compiler warnings elimination and other bug fixes

2015-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/tpmtool.c: tpmtool: added newline in error messages

2016-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

* configure.ac, lib/Makefile.am, lib/abstract_int.h,
lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
lib/gnutls_privkey.c, lib/includes/gnutls/gnutls.h.in, lib/tpm.c:
tpm: backported improvements from master branch
  * Load libtspi dynamically using dlopen - prevents direct linking
    with openssl
  * Fix handling of keys requiring authorization
  * In import_tpm_key_cb() fix the wrong password loop

2016-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-args.def: doc: updated to documentation of certtool
[ci skip]
This corrects options which incorrectly mentioned they support URLs.

2016-12-07 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool.c: Don't trash DER CRQ output with text data
Backported patch from master.

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/testpkcs11: tests: backported test suite for p11tool
--set-id and --set-label options

2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added --set-id and --set-label options

2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_int.h: added
gnutls_pkcs11_obj_set_info()
This function allows setting information such as the CKA_ID and the
CKA_LABEL of an object.

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
copy/generation is correct

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: allow setting the CKA_ID on object
initialization/generation

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/libgnutls.map: exported new functions

2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
enhanced key generation functions to allow specifying a CKA_ID

2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
functions to allow specifying a CKA_ID

2016-11-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/pkcs12_encr.c: pkcs12: fixed the calculation of p_size
Include the trailing zero into the size calculation.

2016-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
tests: added pkcs12 check with openssl generated structure and long

2016-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/pkcs12_encr.c: pkcs12: fixed the calculation of p_size
That affects passwords which exceed 32 characters.

2016-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/nettle/pk.c: _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR
prior to returning success
This will prevent verification from succeeding if the system is in error

2016-11-02 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/ext/signature.c, lib/gnutls_alert.c: Terminate handshake if
only unknown or disabled signatures are advertised by the peer
That is, do not attempt to proceed assuming that the peer supports

2016-10-26 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/ext/status_request.c: certificate status request response
is optional according to RFC6066

2016-10-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool.c: certtool: allow setting key purposes for non-CA
certificates
That is, allow setting code signing, or time stamping key purpose in
certificates that are not marked as CA. The previous restriction

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/multi-alerts.c: tests: added check to
verify that the server will bail out after many alerts

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/naked-alerts.c: tests: added check to
verify that the server will bail out after receiving only alerts

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/cert-common.h: tests: backported the common certs from

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
handshake: set a maximum number of warning messages that can be
received per handshake
That is to avoid DoS due to the asymmetry of cost of sending an
alert vs the cost of processing.

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_record.c: record: disallow parsing of alert messages
prior to session start

2016-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-common.c: certtool: improve text on missing options

2016-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/pkcs11.c: p11tool: avoid asking the security officer PIN twice

2016-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/pkcs11.c: p11tool: improved messages on token initialization

2016-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/pkcs11.c: p11tool: corrected check of PIN existence in token

2016-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/Makefile.am: tests: link tests which utilize nettle with

2016-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/Makefile.am, doc/manpages/Makefile.am: updated auto-generated

2016-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_extensions.c: TLS extensions: only cache the extension
IDs from exts that the server supports
That avoids imposing any artificial limits on the number of
extensions that a server can handle. Resolves #136

2016-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool.c: certtool: added safety net when generating a
certificate request
That is, do not allow specifying --generate-request --load-pubkey
without specifying --load-privkey. Previously if --load-pubkey would
have been used, it would have been ignored, causing confusion to the

2016-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_handshake.c, lib/gnutls_int.h: Increased the maximum
size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well as
TLS 1.3 hellos. Suggested by Hubert Kario.

2016-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_x509.c: gnutls_certificate_set_*key: ensure proper
cleanup on key mismatch failures
That is, ensure that we keep no local references that are shared
with the caller, and that we properly free all initialized values.

2016-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-09-07 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/system.c: _gnutls_ucs2_to_utf8: fixed use of
WideCharToMultiByte in windows

2016-09-06 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/ocsptool.c: ocsptool: do not enter a spurious newline to

2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
tests/cert-tests/template-unique.pem,
tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs
are generated as expected

2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: certtool: Allow writing unique IDs in generated

2016-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

* configure.ac, m4/hooks.m4: bumped version

2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id()
and gnutls_x509_crt_set_subject_unique_id()

2016-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_pk.c: _gnutls_encode_ber_rs_raw: zero-pad values when
necessary
This addresses issue when encoding values obtained via PKCS#11 which
may not be necessarily padded. Resolves #122

2016-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/template-test: tests: don't run overflow tests on
archs which fail
This addresses a CI failure on x86.

2016-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/slow/hash-large.c: tests: backported hash-large from master

2016-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitlab-ci.yml: .gitlab-ci.yml: use the gitlab.com shared runners
Backported from master branch

2016-08-28 David Woodhouse <dwmw2@infradead.org>

* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: set the key value

2016-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/ocsp.c: ocsp: corrected the comparison of the serial size
in OCSP response
Previously the OCSP certificate check wouldn't verify the serial
length and could succeed in cases it shouldn't. Reported by Stefan Buehler.

2016-08-24 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
tests/pkcs8-decode/pkcs8-pbes2-sha256.pem: tests: added decoding of
key with pbes2 and SHA256 PRF

2016-08-24 Nikos Mavrogiannopoulos <nmav@redhat.com>

* NEWS, lib/algorithms.h, lib/algorithms/mac.c, lib/gnutls_int.h,
lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/x509_int.h, tests/gc.c: Added support for decrypting PKCS#8
files which use HMAC-SHA256 as PRF
This backports nettle pbkdf2 support, and improves compatibility
with new openssl versions.

2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/pkcs12.c: pkcs12: increased the number of iterations for

2016-08-10 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/crypto-api.c: gnutls_key_generate: fail if the state of the
library is invalid
Suggested by Stephan Mueller.

2016-08-09 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-08-08 Stefan Sørensen <stefan.sorensen@spectralink.com>

* lib/x509/pkcs12.c: Fix gnutls_pkcs12_simple_parse to always
extract the complete chain
gnutls_pkcs12_simple_parse was only collecting extra certificates
that were possible elements of the certificate chain when the
extra_certs argument was not NULL. Fix by always collecting all the
certificates; any unneeded certificates are released before
returning if extra_certs is NULL anyway.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/pk.c: nettle: use rsa_*_key_prepare on key import
Previously we calculated the size of the key directly, but by using
the rsa_*_key_prepare we benefit from any checks that may be
introduced in the future. Specifically any checks for invalid public
keys (e.g., keys that may crash the underlying gmp functions).
This patch avoids calling rsa_private_key_prepare every time we
construct a nettle private key struct, because this function
requires a bigint multiplication. We call that function once on

2016-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/nettle/pk.c: Revert "nettle: use rsa_*_key_prepare"
This reverts commit a2c3ee54ea8080eeb59fcfeec88a842324982c90.

2016-08-01 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/nettle/pk.c: nettle: use rsa_*_key_prepare
Previously we calculated the size of the key directly, but by using
the rsa_*_key_prepare we benefit from any checks that may be
introduced in the future. Specifically any checks for invalid public
keys (e.g., keys that may crash the underlying gmp functions).

2016-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-07-09 Tim Kosse <tim.kosse@filezilla-project.org>

* lib/x509/x509.c: gnutls_x509_crt_list_import2 was ignoring the
passed flags if all certificates in the list fit within the
initially allocated memory.

2016-07-09 Tim Kosse <tim.kosse@filezilla-project.org>

* lib/x509/crl.c: gnutls_x509_crl_list_import2 was ignoring the
passed flags if all CTLs in the list fit within the initially

2016-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: minitasn1: updated to libtasn1 4.9

2016-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>

* NEWS: NEWS: corrected release date [ci skip]

2016-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: released 3.3.24

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* configure.ac: configure: check for libdl irrespective of FIPS140
configuration
This allows to link to libdl for the tests that require it.

2016-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac, m4/hooks.m4: bumped version

2016-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* libdane/errors.c, libdane/includes/gnutls/dane.h: dane: corrected
the license of libdane files
The license was always LGPL version 2.1, and these files mentioned
LGPL version 3. Reported by Thomas Petazzoni.

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am: tests: account pkcs11/pkcs11-mock-ext.h in

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am: tests: link pkcs11-import-url-privkey with
libdl
That is because it uses dlopen().

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/pkcs11/pkcs11-import-url-privkey.c,
tests/pkcs11/pkcs11-mock-ext.h, tests/pkcs11/pkcs11-mock.c: tests:
added check to verify the tolerance of broken C_GetAttributes
That is, test gnutls_pkcs11_obj_list_import_url4() when importing
private keys from tokens that return CKR_OK on sensitive objects,
and tokens that return CKR_ATTRIBUTE_SENSITIVE. Relates #108

2016-06-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11_int.c: pkcs11_get_attribute_avalue: correctly handle a
-1 value length from C_GetAttributeValue
That is, work-around modules which do not return an error on
sensitive objects. Relates #108

2016-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/pkcs11_int.c: pkcs11_get_attribute_avalue: do not assign
values on failure
When C_GetAttributeValue() returns size but does not return data
then pkcs11_get_attribute_avalue() would set the return data pointer
to a free'd value. This is against the convention expected by
callers, i.e., set data to NULL. Reported by Anthony Alba in #108.

2016-06-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests:
updated testpkcs11 to support softhsmv2

2016-06-29 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/Makefile.am, tests/{suite => pkcs11}/pkcs11-chainverify.c,
tests/{suite => pkcs11}/pkcs11-combo.c, tests/{suite =>
pkcs11}/pkcs11-get-issuer.c, tests/{suite =>
pkcs11}/pkcs11-is-known.c, tests/{suite => pkcs11}/softhsm.h,
tests/suite/Makefile.am: tests: moved pkcs11 tests to main test

2016-06-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/pkcs11-is-known.c: tests: backported pkcs11-is-known

2016-06-23 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: gnutls_pkcs11_crt_is_known: always assume
GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given

2016-06-28 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: find_cert_cb: minor cleanups in find_cert_cb

2016-06-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-06-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/softhsm.h: tests: backported the softhsmv2 pkcs11 checks

2016-06-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: pkcs11: correctly encode the serial number when
searching for certificate
In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial
number to TLV DER from LV DER. This is the encoding we use when

2016-06-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: pkcs11: correctly account check_found_cert()

2016-06-22 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11_write.c: Amended "Corrected the writing of serial
number in PKCS#11 modules"
This corrects the writing of the serial number.

2016-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_buffers.c: dtls: corrected reconstruction of handshake
packets received out of order
That is, when the handshake packet is split into multiple different
chunks and received out of order, make sure that reconstruction
occurs properly. Reported by Guillaume Roguez.

2016-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11_write.c: Corrected the writing of serial number in
PKCS#11 modules
That is, previously the serial number was written in raw format, but
in PKCS#11 the serial number must be set encoded as integer. Report
and fix by Stanislav Zidek.

2016-05-31 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-05-31 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11_privkey.c: pkcs11: when generating a private key ensure
the public key is not private
This is a backport from the 3.4.x branch.

2016-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/accelerated/x86/x86-common.c: x86-common: use secure_getenv()

2016-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: configure.ac: check for secure_getenv where
available and always enable system extensions

2016-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/fips.c, lib/gnutls_global.c, lib/gnutls_mem.h, lib/system.c:
817 env: use secure_getenv when reading environment variables
819 2016-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
821 * lib/pkcs11.c: pkcs11: added sanity check to find_obj_url_cb() for
822 object validity Also avoid unnecessary recursion.
824 2016-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
826 * tests/suite/eagain, tests/suite/testsrn: tests: use /bin/bash in
827 tests which require common.sh
829 2016-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
831 * tests/suite/Makefile.am, tests/suite/testcompat,
832 tests/suite/testcompat-common, tests/suite/testcompat-main: tests:
833 backported full openssl suite from master Removed the priority strings not applicable in 3.3.x.
835 2016-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
837 * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
838 tests/scripts/common.sh, tests/suite/eagain,
839 tests/suite/mini-eagain2.c, tests/suite/testcompat-main,
840 tests/suite/testsrn: tests: simplified server launching process Also attempt to use a new port on every started server and added a
841 waiting period for the port to become re-usable.
843 2016-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
845 * tests/version-checks.c: added check for the VERS-ALL priority
848 2016-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
850 * lib/gnutls_priority.c: gnutls_priority_init: recognize the
851 VERS-ALL keyword. This keyword is identical to VERS-TLS-ALL, but it will allow re-using
852 priority strings from 3.4.x+ in this branch of gnutls.
854 2016-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
856 * tests/Makefile.am: tests: do not use pkglib to generate
857 libpkcs11mock1.so. This resulted in the test library being installed. Instead we use
858 noinst for the library, but pass -rpath to LDFLAGS as a hack for
859 libtool to generate the shared version.
861 2016-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
863 * NEWS, configure.ac, m4/hooks.m4: released 3.3.23
865 2016-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
867 * src/cli.c, src/socket.c, src/socket.h: gnutls-cli: allow operation
868 with stdin input. That is, once commands from stdin are given, they are not only sent
869 to server, but we also wait for a response prior to exiting. Resolves #96
871 2016-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
873 * NEWS: doc update [ci skip]
875 2016-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
879 2016-05-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
881 * src/cli.c: gnutls-cli: corrected check for OCSP verification
884 2016-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
886 * lib/gnutls_global.c: gnutls_global_init: log gnutls' version on
889 2016-05-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
891 * NEWS: doc update [ci skip]
893 2016-05-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
895 * tests/Makefile.am, tests/mini-server-name.c: tests: backported
898 2016-05-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
900 * lib/ext/server_name.c: server_name: only save the supported server
901 names in the session Invalid server names with embedded nulls and unsupported types are
904 2016-05-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
908 2016-05-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
910 * lib/gnutls_x509.c: cert cred: add the CN to the list of known
911 hostnames only if no dns_names That is, follow rfc6125 and support CN as a fallback only.
913 2016-05-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
915 * lib/gnutls_x509.c: gnutls_certificate_set_key: import the DNS
916 names of the certificates That is, only when no (NULL) names are provided.
918 2016-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
920 * tests/pkcs11/pkcs11-cert-import-url-exts.c,
921 tests/pkcs11/pkcs11-get-exts.c,
922 tests/pkcs11/pkcs11-get-raw-issuer-exts.c: Revert "tests: ignore
923 failure to load pkcs11 mock provider" This reverts commit ae40598e5597b1b1f01a7e55d35b5f476d7d19d7.
925 2016-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
927 * configure.ac, tests/Makefile.am: tests: don't run pkcs11 mock
928 module tests under buggy p11-kit
930 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
932 * tests/pkcs11/pkcs11-cert-import-url-exts.c,
933 tests/pkcs11/pkcs11-get-exts.c,
934 tests/pkcs11/pkcs11-get-raw-issuer-exts.c: tests: ignore failure to
935 load pkcs11 mock provider GnuTLS 3.3.x can work with old versions of p11-kit which do not have
936 the necessary fixes to load absolute paths.
938 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
940 * lib/nettle/gnettle.h: Fixed _NETTLE_UPDATE macro The macro was not using the input parameters but rather the actual
941 variable name from the function (which was identical to input).
942 Patch by Stanislav Zidek.
944 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
946 * lib/gnutls_x509.c: gnutls_certificate_set_key: duplicate the
947 provided memory That is, do not assume that a heap allocated value is provided.
949 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
951 * NEWS: doc update [ci skip]
953 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
957 2016-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
959 * tests/Makefile.am, tests/pkcs11/pkcs11-cert-import-url-exts.c,
960 tests/pkcs11/pkcs11-get-exts.c,
961 tests/pkcs11/pkcs11-get-raw-issuer-exts.c,
962 tests/pkcs11/pkcs11-mock.c, tests/pkcs11/pkcs11-mock.h: tests: added
963 a basic PKCS#11 mock module This is used to test gnutls_pkcs11_obj_get_exts(),
964 gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer()
965 with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
967 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
969 * lib/pkcs11.c: pkcs11: find_cert_cb: do not use C_FindObjectsInit()
970 when another is already running While some modules implicitly terminated the previous run, this is
971 not something that PKCS#11 modules are expected to typically do.
973 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
975 * lib/pkcs11.c: pkcs11: the flag
976 GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by
977 imported certificates That is, certificates imported with gnutls_pkcs11_obj_import_url()
978 or gnutls_x509_crt_import_url() will be able to be extracted with
979 their extensions overridden. Previously that was available only on
980 gnutls_pkcs11_get_raw_issuer() and friends.
982 2016-05-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
984 * lib/pkcs11x.c: pkcs11: find_ext_cb: eliminated memory leak
986 2016-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
988 * lib/pkcs11x.c: gnutls_pkcs11_obj_get_exts: updated documentation
991 2016-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
993 * lib/gnutls_privkey_raw.c: corrected import issue in
994 gnutls_privkey_import_ecc_raw
996 2016-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
998 * lib/x509/privkey.c: x509/privkey: in raw import functions set the
999 parameter's algorithm type
1001 2016-04-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1003 * tests/dane.c: tests: enhanced dane testing with offline
1006 2016-04-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1008 * libdane/dane.c: dane: verification will not fail if a CA entry is
1009 encountered but cannot be verified That addresses the issue of verifying a single certificate against a
1010 list of TLSA entries that contain an entry with CA usage (cert usage
1011 0). With the previous behavior verification would have failed, while
1012 now this entry will be skipped.
1014 2016-04-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1016 * lib/gnutls_cert.c, libdane/dane.c: doc: improved documentation on
1017 certificate and DANE verification functions
1019 2016-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1021 * lib/nettle/pk.c: _wrap_nettle_pk_derive: reject values of public
1022 key that are over the prime. That is, do not canonicalise the value we get from the network, but
1023 rather check it for validity. This saves a modular reduction on
1024 handshake and performs a sanity check on the peer's (client)
1025 parameters. Reported by Hubert Kario. Resolves #84
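The range check described in the entry above, as an added example that is not the GnuTLS code: the peer's public value is compared against the prime as received and refused when it is not below it, instead of being reduced modulo the prime. The function names, the toy 32-bit prime and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PEER_VALUE_OK 0
#define PEER_VALUE_REJECTED (-1)

/* Skip leading zero octets so that padded encodings compare by value. */
static const uint8_t *skip_zeros(const uint8_t *v, size_t *len)
{
    while (*len > 0 && v[0] == 0) {
        v++;
        (*len)--;
    }
    return v;
}

/* Compare two big-endian unsigned integers; returns <0, 0 or >0. */
static int be_cmp(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    a = skip_zeros(a, &alen);
    b = skip_zeros(b, &blen);
    if (alen != blen)
        return alen < blen ? -1 : 1;
    return alen ? memcmp(a, b, alen) : 0;
}

/*
 * Strict validation: a value that is not below the prime is refused.
 * A lenient implementation would compute y mod p and carry on, which
 * accepts several distinct wire encodings for the same group element.
 * Lower-bound checks are outside what the entry describes and are not
 * part of this example.
 */
int check_peer_public_value(const uint8_t *y, size_t ylen,
                            const uint8_t *p, size_t plen)
{
    if (be_cmp(y, ylen, p, plen) >= 0)
        return PEER_VALUE_REJECTED;
    return PEER_VALUE_OK;
}

/* Constructed sample data: toy prime 2^32 - 5, far too small for real use. */
static const uint8_t toy_p[]      = { 0xFF, 0xFF, 0xFF, 0xFB };
static const uint8_t y_in_range[] = { 0x12, 0x34, 0x56, 0x78 };
static const uint8_t y_padded[]   = { 0x00, 0x00, 0x12, 0x34, 0x56, 0x78 };
static const uint8_t y_equal_p[]  = { 0xFF, 0xFF, 0xFF, 0xFB };
static const uint8_t y_p_plus_2[] = { 0xFF, 0xFF, 0xFF, 0xFD };       /* reduces to 2 */
static const uint8_t y_longer[]   = { 0x01, 0x00, 0x00, 0x00, 0x02 }; /* reduces to 7 */

int main(void)
{
    const struct {
        const char *name;
        const uint8_t *y;
        size_t len;
    } cases[] = {
        { "in range",        y_in_range, sizeof(y_in_range) },
        { "in range, padded", y_padded,  sizeof(y_padded) },
        { "equal to p",      y_equal_p,  sizeof(y_equal_p) },
        { "p + 2",           y_p_plus_2, sizeof(y_p_plus_2) },
        { "longer than p",   y_longer,   sizeof(y_longer) },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int rc = check_peer_public_value(cases[i].y, cases[i].len,
                                         toy_p, sizeof(toy_p));
        printf("%-18s %s\n", cases[i].name,
               rc == PEER_VALUE_OK ? "accepted" : "rejected");
    }
    return 0;
}
```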
1027 2016-04-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1029 * lib/gnutls_sig.c: handshake: do not overwrite the server's
1030 signature algorithm That is, correct a bug under which a client sending a certificate
1031 would overwrite the server's idea about the used signature
1032 algorithm. Reported by Hubert Kario.
1034 2016-04-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1036 * lib/x509/ocsp.c: gnutls_ocsp_resp_get_single: fail if thisUpdate
1037 is not available or unparsable That is because this field is not optional, and a failure on its
1038 parsing is always fatal. Reported by Yuan Jochen Kang.
1040 2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1042 * lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn
1043 about insecure algorithm when unknown
1045 2016-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1047 * lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey
1048 definition OCSP is defined in an EXPLICIT tags module, and as such we must tag
1049 explicitly all of its tags.
1051 2016-04-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
1053 * lib/x509/name_constraints.c: name constraints: enforce the rules
1054 for IP constraints when adding This will prevent gnutls from generating badly formed certificates.
1056 2016-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1060 2016-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1062 * src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests. This avoids an issue with servers serving chunk encoding which ocsptool
1063 doesn't support. Reported by Thomas Klute.
1065 2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1069 2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1071 * lib/x509/output.c: x509/output: simplified cidr_to_string()
1073 2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1075 * lib/x509/output.c: x509/output: print RFC5280 CIDRs in name
1078 2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1080 * lib/system.c: system_recv_timeout(): verify that the file
1081 descriptor is acceptable for select()
1083 2016-03-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1087 2016-03-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1089 * tests/cert-tests/template-nc.pem: tests: template-test was updated
1090 for OCSP key purpose reordering
1092 2016-03-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1094 * src/certtool.c: certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a
1095 CA to delegate OCSP signing to another certificate without requiring
1096 it to be a CA. Reported by Thomas Klute.
1098 2016-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1100 * lib/accelerated/x86/x86-common.c: x86-common: CPUID override will
1101 only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities.
1102 Reported by Andreas Metzler.
1104 2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1108 2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1110 * lib/gnutls_handshake.c: handshake: parse the mandatory to parse
1111 extension prior to any callback call This relates to the change of ALPN extension to mandatory to parse,
1112 and allows applications to get ALPN data prior to handshake
1115 2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1117 * tests/mini-x509-callbacks.c: tests: verify that the
1118 post-client-hello callback has access to ALPN data
1120 2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1122 * tests/resume.c: tests: added checks for session resumption and
1123 ALPN This checks whether the ALPN extension is re-read on resumption and
1126 2016-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1128 * tests/resume.c: tests: resume: simplified structure assignment
1131 2016-03-15 Yuriy M. Kaminskiy <yumkam@gmail.com>
1133 * lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not
1134 be saved with session data In addition the extension was moved to the mandatory to parse to
1135 ensure it is always parsed when sessions are resumed. rfc7301: Unlike many other TLS extensions, this extension does not
1136 establish properties of the session, only of the connection.
1137 When session resumption or session tickets [RFC5077] are used, the
1138 previous contents of this extension are irrelevant, and only the
1139 values in the new handshake messages are considered. Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com> Signed-off-by:
1140 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1142 2016-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1144 * src/cli.c: gnutls-cli: fix invalid initialization in
1147 2016-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1151 2016-03-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1153 * NEWS: doc update [ci skip]
1155 2016-03-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1157 * tests/mini-loss-time.c: tests: backported mini-loss-time fixes
1159 2016-03-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1161 * NEWS: doc update [ci skip]
1163 2016-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1165 * tests/slow/Makefile.am: tests: do not run hash-large twice
1167 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1169 * tests/version-checks.c: tests: corrected typo in version-checks
1171 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1173 * .gitlab-ci.yml: .gitlab-ci.yml: added check on build with SSL 3.0
1175 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1177 * tests/suite/testsrn: tests: backported testsrn from 3.4 branch
1179 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1181 * tests/Makefile.am, tests/cert-common.h, tests/version-checks.c:
1182 tests: added check for version negotiation default prio string. That verifies whether the supported versions are negotiated.
1184 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1188 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1190 * configure.ac, lib/gnutls_priority.c: Remove SSL 3.0 from the
1191 default priority strings That can be reverted by using the --with-ssl3 configure option.
1193 2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1195 * tests/slow/Makefile.am: tests: include test-hash-large into dist
1197 2016-03-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1199 * .gitlab-ci.yml: .gitlab-ci.yml: separate builds with asan
1201 2016-03-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1203 * lib/openpgp/extras.c: gnutls_openpgp_keyring_import: backported
1206 2016-03-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1208 * src/p11tool.c: p11tool: avoid warning with cast
1210 2016-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1212 * src/certtool.c: certtool: eliminated memory leaks on cert
1215 2016-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1217 * src/certtool.c: certtool: backported memory leak fixes in PKCS#12
1220 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1222 * src/certtool.c: certtool: eliminate leaks in _verify_x509_mem()
1224 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1226 * src/certtool.c: certtool: eliminate memory leaks in certificate
1229 2016-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1231 * configure.ac, m4/hooks.m4: bumped version [ci skip]
1233 2016-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1235 * src/certtool.c: certtool: avoid warning with cast
1237 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1239 * lib/ext/ecc.c: ecc: optimized extension parsing
1241 2016-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1243 * .gitlab-ci.yml: .gitlab-ci.yml: fixed asan build for nettle3
1245 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1247 * NEWS: doc update [ci skip]
1249 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1251 * lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit
1254 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1256 * lib/pkcs11.c: pkcs11: Fixes to prevent undefined behavior (found
1259 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1261 * lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent
1262 undefined behavior (found with libubsan)
1264 2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1266 * lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent
1267 undefined behavior (found with libubsan)
1269 2016-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1271 * .gitlab-ci.yml: .gitlab-ci.yml: added libasan build with nettle3
1273 2016-02-25 Jan Vcelak <jan.vcelak@nic.cz>
1275 * lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing
1276 algorithm setting for DSA keys. The algorithm number was set only in the private key structure, not
1277 in the nested structure with parameters. This made certain
1278 operations fail (e.g., copying the key into a PKCS #11 token). Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
1280 2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1282 * tests/cert-tests/template-date.pem,
1283 tests/cert-tests/template-dn.pem,
1284 tests/cert-tests/template-generalized.pem,
1285 tests/cert-tests/template-nc.pem,
1286 tests/cert-tests/template-overflow.pem,
1287 tests/cert-tests/template-overflow2.pem,
1288 tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
1289 tests/cert-tests/template-utf8.pem: tests: regenerate the results in
1290 template-test using UTC times
1292 2016-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1296 2016-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1298 * lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1
1299 structure follow the RFC5280 recommendations. That is, make sure we generate dates with UTCTime prior to 2050 and
1300 GeneralizedTime format after 2050.
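The encoding rule from the entry above, as an added example that is not the GnuTLS code: dates before 2050 are written as UTCTime (two-digit year) and dates from 2050 on as GeneralizedTime (four-digit year), and a reader expands a UTCTime year with the RFC 5280 window. The function names are constructed for illustration, and the example assumes a 64-bit `time_t`.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

enum time_form { FORM_UTCTIME, FORM_GENERALIZEDTIME };

/*
 * Write the content octets of an ASN.1 Time value for a certificate
 * validity date. Returns 0 on success, -1 on error. Years before 1950
 * are refused because the RFC 5280 UTCTime window cannot express them.
 */
int encode_validity_time(time_t t, char *out, size_t outlen,
                         enum time_form *form)
{
    /* gmtime() is standard C; it is not thread-safe, which is fine here. */
    struct tm *tm = gmtime(&t);
    int year, n;

    if (tm == NULL)
        return -1;
    year = tm->tm_year + 1900;
    if (year < 1950)
        return -1;

    if (year < 2050) {
        *form = FORM_UTCTIME;            /* YYMMDDHHMMSSZ */
        n = snprintf(out, outlen, "%02d%02d%02d%02d%02d%02dZ",
                     year % 100, tm->tm_mon + 1, tm->tm_mday,
                     tm->tm_hour, tm->tm_min, tm->tm_sec);
    } else {
        *form = FORM_GENERALIZEDTIME;    /* YYYYMMDDHHMMSSZ */
        n = snprintf(out, outlen, "%04d%02d%02d%02d%02d%02dZ",
                     year, tm->tm_mon + 1, tm->tm_mday,
                     tm->tm_hour, tm->tm_min, tm->tm_sec);
    }
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Convenience wrapper for the demo: returns a static string or NULL. */
const char *validity_time_string(time_t t)
{
    static char buf[32];
    enum time_form form;

    if (encode_validity_time(t, buf, sizeof(buf), &form) != 0)
        return NULL;
    return buf;
}

/*
 * Reader side: expand the two-digit year of a UTCTime string.
 * RFC 5280 reads YY >= 50 as 19YY and YY < 50 as 20YY, which is why
 * 2050 and later cannot be written as UTCTime. Returns -1 on bad input.
 */
int utctime_full_year(const char *utctime)
{
    int yy;

    if (strlen(utctime) != 13 || utctime[12] != 'Z')
        return -1;
    if (utctime[0] < '0' || utctime[0] > '9' ||
        utctime[1] < '0' || utctime[1] > '9')
        return -1;
    yy = (utctime[0] - '0') * 10 + (utctime[1] - '0');
    return yy >= 50 ? 1900 + yy : 2000 + yy;
}

int main(void)
{
    /* Constructed sample instants around the 2050 boundary (UTC). */
    const long long samples[] = { 0LL, 946684800LL,
                                  2524607999LL, 2524608000LL };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%lld -> %s\n", samples[i],
               validity_time_string((time_t)samples[i]));
    return 0;
}
```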
1302 2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1304 * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
1305 tests/cert-tests/template-dn.pem,
1306 tests/cert-tests/template-generalized.pem,
1307 tests/cert-tests/template-generalized.tmpl,
1308 tests/cert-tests/template-nc.pem,
1309 tests/cert-tests/template-overflow.pem,
1310 tests/cert-tests/template-overflow2.pem,
1311 tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
1312 tests/cert-tests/template-utf8.pem: tests: verify that we generate
1313 dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050.
1315 2016-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
1317 * lib/nettle/cipher.c: Prevent the encryption or decryption of more
1318 than 2^32 bytes with nettle2 That is because of nettle2 API limitations. Unlike the hash
1319 functions there is no real need for a wrapper as encrypting or
1320 decrypting that amount of data is unlikely.
1322 2016-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1324 * tests/dsa/testdsa, tests/scripts/common.sh: tests: backported
1325 testdsa to prevent random failures in test suite
1327 2016-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1331 2016-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1333 * lib/accelerated/x86/hmac-padlock.c,
1334 lib/accelerated/x86/hmac-x86-ssse3.c,
1335 lib/accelerated/x86/sha-padlock.c,
1336 lib/accelerated/x86/sha-padlock.h,
1337 lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
1338 lib/accelerated/x86/x86-common.h, lib/nettle/gnettle.h,
1339 lib/nettle/mac.c: nettle: use the correct type for hash and MAC
1340 functions In addition allow for hashing of more than UINT_MAX data bytes with
1341 nettle 2.x in 64-bit systems.
1343 2016-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1345 * tests/slow/Makefile.am, tests/slow/hash-large.c,
1346 tests/slow/test-hash-large: tests: check whether large buffer hashes
1347 and MAC work as expected
1349 2016-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1351 * tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests
1352 are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available.
1354 2016-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1356 * NEWS, configure.ac, m4/hooks.m4: bumped version
1358 2016-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1360 * NEWS: doc update [ci skip]
1362 2016-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1364 * tests/cert-tests/template-date.pem,
1365 tests/cert-tests/template-dn.pem, tests/cert-tests/template-nc.pem,
1366 tests/cert-tests/template-overflow.pem,
1367 tests/cert-tests/template-overflow2.pem,
1368 tests/cert-tests/template-test.pem: Revert "tests: updated to
1369 account for cert generation after
1370 c1405c6e08ef55421108bd4395588368f4122dda fix" This reverts commit 09dcbe564a85c021ebcbf7a3f28075d19c399ce4.
1372 2016-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1374 * lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in
1375 gnutls_x509_ext_export_key_usage" This was a false negative and not a real out-of-bounds read. This
1376 reverts commit c1405c6e08ef55421108bd4395588368f4122dda.
1378 2016-01-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1380 * .gitlab-ci.yml: .gitlab-ci.yml: Added build with ARCFOUR
1382 2016-01-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1384 * NEWS, configure.ac, lib/gnutls_priority.c, tests/priorities.c:
1385 Added configure flag --with-arcfour128 This flag will re-enable ARCFOUR in the priority strings by default.
1387 2016-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1391 2016-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1393 * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
1394 tests/record-sizes.c: Revert "Revert "tests: updated to account for
1395 ARCFOUR being disabled"" This reverts commit a2f907d0d4e52eb4dd24cc1f5d7d892b21abfd83.
1397 2016-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1399 * lib/gnutls_priority.c: Revert "Revert "ARCFOUR is disabled from
1400 the default priority strings"" This reverts commit b3b5db319d4246e4735017cc423b92175f713a89.
1402 2016-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1404 * lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory
1407 2016-01-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1409 * lib/x509/output.c: x509: place newline when printing unsupported
1412 2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1416 2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1418 * lib/ext/alpn.c: alpn: when parsing the list of protocols return at
1419 the first mutually common That resolves an issue where the server wouldn't select the first
1420 mutually supported. Resolves #63
1422 2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1424 * tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection
1427 2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1429 * tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN
1432 2016-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1434 * lib/ext/alpn.c: alpn: document how the selected protocol is
1437 2016-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1439 * tests/mini-alpn.c: tests: verify that the selected ALPN protocol
1440 is the first advertised
1442 2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1444 * NEWS: released 3.3.20
1446 2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1448 * NEWS: reverted ARCFOUR removal change
1450 2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1452 * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
1453 tests/record-sizes.c: Revert "tests: updated to account for ARCFOUR
1454 being disabled" This reverts commit 45926d9561b2e888c505524663b7c7ad87c263bc.
1456 2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1458 * lib/gnutls_priority.c: Revert "ARCFOUR is disabled from the
1459 default priority strings" This reverts commit 76be7bda79d6785eeab3ef8e96db026ad7aac9c3.
1461 2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1463 * configure.ac: configure: no longer distribute lzip tarballs
1465 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1467 * src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows
1470 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1472 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
1473 src/libopts/COPYING.mbsd, src/libopts/Makefile.am,
1474 src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
1475 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
1476 src/libopts/autoopts.c, src/libopts/autoopts.h,
1477 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
1478 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
1479 src/libopts/check.c, src/libopts/compat/compat.h,
1480 src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h,
1481 src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
1482 src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
1483 src/libopts/genshell.c, src/libopts/genshell.h,
1484 src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h,
1485 src/libopts/libopts.c, src/libopts/load.c,
1486 src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
1487 src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c,
1488 src/libopts/nested.c, src/libopts/numeric.c,
1489 src/libopts/option-value-type.c,
1490 src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c,
1491 src/libopts/parse-duration.h, src/libopts/pgusage.c,
1492 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
1493 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
1494 src/libopts/stack.c, src/libopts/stdnoreturn.in.h,
1495 src/libopts/streqvcmp.c, src/libopts/text_mmap.c,
1496 src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c,
1497 src/libopts/version.c: libopts: updated to 5.18.6
1499 2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1501 * configure.ac, m4/hooks.m4: bumped version
1503 2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1505 * Makefile.am, symbols.last: symbols.last: don't include internal
1506 symbols into exported list
1508 2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1510 * NEWS: NEWS: doc update
1512 2016-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
1514 * tests/cert-tests/template-date.pem,
1515 tests/cert-tests/template-dn.pem, tests/cert-tests/template-nc.pem,
1516 tests/cert-tests/template-overflow.pem,
1517 tests/cert-tests/template-overflow2.pem,
1518 tests/cert-tests/template-test.pem: tests: updated to account for
1519 cert generation after c1405c6e08ef55421108bd4395588368f4122dda fix
1521 2016-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
1523 * tests/Makefile.am: tests: Makefile.am: removed invalid program ld
1526 2016-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1530 2016-01-04 Tim Kosse <tim.kosse@filezilla-project.org>
1532 * lib/x509/x509_ext.c: Fix out-of-bounds read in
1533 gnutls_x509_ext_export_key_usage
1535 2016-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1537 * .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test
1540 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1542 * lib/pkcs11_privkey.c: pkcs11: fixes to store the imported URL. This amends 603d0db776537c19bdfd907e0fc77c7321874bf0 with changes
1543 for the 3.3.x branch.
1545 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1547 * NEWS: doc update [ci skip]
1549 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1553 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1555 * lib/pkcs11_privkey.c: pkcs11: import public keys from any
1556 available object That is, load public keys from the public key object, or the
1557 certificate object if they are present. That affects non-RSA public
1558 keys which do not contain all required fields on the private key
1561 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1563 * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
1564 the writing of ECC private key
1566 2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1568 * lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
1569 the type of the written object Previously only RSA objects were correctly written.
1571 2015-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1573 * NEWS: NEWS: doc update [ci skip]
1575 2015-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1577 * lib/ext/max_record.c: max_record: don't consider this extension on
1578 DTLS That is because it doesn't work as expected, and does not fragment
1579 handshake messages. Relates with #61
1581 2015-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1585 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1587 * lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
1588 name constraints with leading dot Patch by Fotis Loukos. Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
1590 2015-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1592 * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
1593 tests/record-sizes.c: tests: updated to account for ARCFOUR being
1596 2015-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1600 2015-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1602 * lib/gnutls_priority.c: ARCFOUR is disabled from the default
1603 priority strings ARCFOUR is a cipher known to be broken theoretically and
1604 practically. Configurations that depend on that cipher being on
1605 should explicitly enable it. Resolves #23
1607 2015-12-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1609 * lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
1610 #11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are
1611 available. This is a much cleaner approach than
1612 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
1614 2015-12-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1616 * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
1617 lib/pkcs11_privkey.c: Revert "Do not allow importing public keys
1618 from PKCS #11 private keys for DSA and ECDSA" This reverts commit 0e79aabab519a6b568cf8c31b38523cce7416bd8.
1620 2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1624 2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1626 * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
1627 lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
1628 #11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for
1629 a direct import. Reported by Jan Vcelak.
1631 2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1633 * lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't
1636 2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1638 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
1639 deinitialize gnutls_pkcs11_obj_t's pubkey on deinit
1641 2015-12-06 Jan Vcelak <jan.vcelak@nic.cz>
1643 * lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in
1644 privkey_get_pubkey The code worked for RSA because the content of the variables
1645 matched. But it doesn't match for ECC. CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
1646 CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
1648 2015-11-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
1650 * lib/x509/x509.c: allow specifying NULL buffer in
1651 gnutls_x509_crt_get_*_unique_id()
1653 2015-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1655 * NEWS: released 3.3.19
1657 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1659 * symbols.last: updated auto-generated files
1661 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1663 * doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions
1666 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1668 * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
1669 lib/libgnutls.map: gnutls_global_init_skip: prefixed with an
1672 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1674 * configure.ac, m4/hooks.m4: bumped version
1676 2015-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1680 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1682 * tests/global-init-override.c, tests/global-init.c: tests:
1683 corrected copyright info
1685 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1687 * tests/Makefile.am, tests/global-init-override.c: tests: added
1688 check for overriding global initialization
1690 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1692 * doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro
1694 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1696 * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
1697 lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow
1698 programs skip implicit global initialization
1700 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1702 * tests/utils.c, tests/utils.h: utils: backported sec_sleep()
1704 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1706 * tests/mini-handshake-timeout.c: tests: backported
1707 mini-handshake-timeout
1709 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1711 * .gitlab-ci.yml: .gitlab-ci.yml: added build and check in FIPS140-2
1714 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1716 * tests/mini-dtls-record.c, tests/resume-dtls.c: tests: backported
1717 mini-dtls-record.c and resume-dtls.c
1719 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1721 * .gitlab-ci.yml: .gitlab-ci.yml: remove the minimal library from
1724 2015-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1726 * lib/x509/x509_write.c: disable_optional_stuff: don't disable
1727 unique IDs if set There are sideways to set these values even if they are not in the
1728 public API, and we shouldn't disable them unconditionally.
1730 2015-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1732 * .gitlab-ci.yml: Added CI build rules
1734 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1738 2015-11-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1740 * lib/algorithms/ciphersuites.c, tests/mini-record.c: Require TLS
1741 1.2 for all the ciphersuites which are defined for it only This solves an interoperability issue with openssl. Reported by
1744 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1748 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1750 * lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to
1751 DHE and ECDHE on a rehandshake
1753 2015-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1757 2015-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1759 * lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the
1760 link options Reported by Dan Kegel. Resolves #49
1762 2015-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
1766 2015-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1768 * lib/algorithms/ciphers.c, lib/gnutls_cipher_int.c,
1769 lib/gnutls_priority.c: Disable the NULL cipher on runtime when
1770 FIPS140 mode is enabled instead of statically That way the NULL cipher can be used when not in FIPS140 mode.
1772 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1774 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c,
1775 lib/gnutls_int.h, lib/gnutls_priority.c: backport: Tolerate priority
1776 strings with names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications
1777 which disable or enable algorithms which no longer are supported.
1780 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1784 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1786 * lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER
1787 when writing on a certificate That allows NSS to read and use the written certificate. Resolves
1790 2015-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1794 2015-10-12 Lennert Buytenhek <buytenh@wantstofly.org>
1796 * lib/nettle/pk.c: Fix memory leak in wrap_nettle_hash_algorithm(). wrap_nettle_hash_algorithm() leaks an mpz_t if it is called with pk
1797 == GNUTLS_PK_RSA and sig == NULL, in which case it will return
1798 without going through the regular exit path that clears the mpz_t it
1799 allocated at the beginning of the function. Use the regular exit
1800 path instead to fix this. This leak can be triggered via calls to
1801 gnutls_pubkey_get_preferred_hash_algorithm(). Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
1803 2015-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1805 * lib/gnutls_str.c: _gnutls_hex2bin: avoid overrun in the provided
1808 2015-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1810 * doc/manpages/tpmtool.1: tpmtool.1: updated
1812 2015-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1814 * NEWS, configure.ac, m4/hooks.m4: bumped version
1816 2015-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1818 * lib/x509/output.c: Don't use formatted output for fixed strings Resolves #35
1820 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1822 * lib/gnutls_session_pack.c: session packing: corrected issue in PSK
1825 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1829 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1831 * lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when
1832 appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted.
1834 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1836 * src/certtool.c: certtool: allow exporting very long CRLs
1838 2015-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1842 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1844 * tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check
1845 whether the CRL generation code works as expected
1847 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1849 * src/certtool.c: certtool: removed limit on maximum imported
1850 certificates in the -i option
1852 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1854 * src/certtool-common.c, src/certtool.c: certtool: eliminated memory
1855 leaks due to new cert loading code
1857 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1859 * src/certtool-common.c, src/certtool-common.h: certtool: lifted
1860 limits on file size to load
1862 2015-08-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1864 * Makefile.am: before dist ensure that included libopts matches
1867 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1869 * tests/suite/mini-eagain2.c: tests: backported fix in mini-eagain2
1871 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1873 * lib/pkcs11_write.c: pkcs11: increase attributes size in
1874 gnutls_pkcs11_copy_x509_privkey
1876 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1878 * configure.ac, m4/hooks.m4: bumped version
1880 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1884 2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1888 2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1890 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
1891 the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
1892 flag, to simulate the previous behavior.
1894 2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1896 * lib/ext/safe_renegotiation.c: safe renegotiation: simulate
1897 receiving the extension on receival of SCSV
1899 2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1903 2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1905 * lib/ext/safe_renegotiation.c: safe renegotiation: handle case
1906 where client didn't send any extension That was affected by the "don't try to send extensions we didn't
1909 2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1911 * lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
1912 As server don't try to send extensions we didn't receive.
1914 2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1916 * lib/x509/common.c: Reset the output value on error in
1917 _gnutls_x509_dn_to_string() Reported by Kurt Roeckx.
1919 2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1921 * lib/gnutls_state.c: gnutls_prf: document that this is not
1922 identical to RFC5705
1924 2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1926 * src/p11tool-args.def: p11tool: fix documentation for
1927 --generate-ecc and generate-dsa
1929 2015-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1931 * NEWS, configure.ac, m4/hooks.m4: bumped version
1933 2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1935 * lib/ext/dumbfw.c: corrected function name
1937 2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1941 2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1943 * lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
1946 2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1948 * lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert.
1950 2015-07-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1952 * src/certtool.c: certtool --outder should not emit signature
1953 verification status When emitting binary-formatted output, send signature verification
1954 status to stderr, since it is not binary-formatted output. A simpler version of this patch would be to always send signature
1955 verification to stderr, but that would change the text-formatted
1958 2015-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1962 2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1964 * lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
1965 public key should depend on P not Y That allows to do the proper evaluation to check certificate
1966 strength. Reported by Hubert Kario.
1968 2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1972 2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1974 * lib/x509/name_constraints.c: name constraints: don't reject
1975 certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS
1976 constraints, and the end certificate doesn't have an IPaddress name
1979 2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1981 * lib/x509/privkey.c: enhanced header matching code for private keys
1982 to skip unrelated data
1984 2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1988 2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1990 * tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
1991 tests/suite/ciphersuite/test-ciphers.js,
1992 tests/suite/ciphersuite/test-ciphersuites.sh,
1993 tests/suite/test-ciphersuite-names: tests: backported
1994 test-ciphersuite-names from master
1996 2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
1998 * lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
1999 when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to
2000 trying all encrypted options.
2002 2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2004 * lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
2005 release any data on failure Resolves #15
2007 2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2009 * tests/suite/testcompat-main: tests: backported test-compat-main
2012 2015-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014 * lib/nettle/cipher.c: Corrected camellia256 set key in nettle3
2017 2015-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2019 * lib/nettle/int/drbg-aes.c: drbg-aes: include gnutls_errors.h
2021 2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2023 * lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
2026 2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2028 * tests/rng-fork.c: tests: check random generator for long outputs
2031 2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2033 * lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
2036 2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2038 * lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
2039 the reseed and generate function
2041 2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2043 * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
2044 enforce the max_number_of_bits_per_request
2046 2015-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2048 * lib/x509/ocsp_output.c: Check the OID size for match when
2049 comparing for the OCSP nonce extension Reported by Hanno Böck.
2051 2015-05-23 Armin Burgmeier <armin@arbur.net>
2053 * lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
2054 used Before, the number of bits of a zero-length number was attempted to
2055 be extracted, resulting in an error. The changed behaviour is
2056 consistent with the documentation which explicitly states that 0
2057 should be returned if no DH key exchange was performed.
2059 2015-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
2061 * lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
2062 include a leading zero
2064 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
2066 * lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
2067 the DH max prime size with 1007 bits or less
2069 2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
2073 2015-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
2075 * configure.ac, lib/accelerated/x86/aes-gcm-padlock.c,
2076 lib/accelerated/x86/aes-gcm-x86-aesni.c,
2077 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
2078 lib/accelerated/x86/aes-padlock.c,
2079 lib/accelerated/x86/sha-padlock.c,
2080 lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
2081 lib/nettle/cipher.c, lib/nettle/int/dsa-fips.h,
2082 lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
2083 lib/nettle/pk.c, m4/hooks.m4, tests/dsa/testdsa: Allow using nettle3
2086 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2088 * tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
2091 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2093 * tests/mini-loss-time.c: tests: eliminate mem leaks in
2096 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2098 * tests/mini-loss-time.c: tests: backported mini-loss-time from
2101 2015-04-28 Jan Vcelak <jan.vcelak@nic.cz>
2103 * lib/nettle/pk.c: fix memory leak in ECDSA key parameters
2104 verification Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
2106 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2108 * NEWS: updated NEWS
2110 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2112 * NEWS, configure.ac, m4/hooks.m4: released 3.3.15
2114 2015-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2116 * lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts
2118 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
2120 * lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
2123 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
2125 * doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
2128 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
2130 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
2133 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2137 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2139 * tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
2140 for the MD5 acceptance issue Reported by Karthikeyan Bhargavan.
2142 http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html Conflicts: tests/Makefile.am
2144 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2146 * lib/ext/signature.c: before falling back to SHA1 as signature
2147 algorithm in TLS 1.2 check if it is enabled
2149 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2151 * lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
2152 consider any values from the extension data to decide acceptable
2155 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2157 * lib/auth/cert.c: set the value used by
2158 gnutls_certificate_client_get_request_status prior to selecting
2159 certificate That allows gnutls_certificate_client_get_request_status() to be
2160 properly operating from the callback. Reported by Anton Lavrentiev.
2162 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
2164 * lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev
2166 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
2170 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2172 * lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
2173 certificate even if a callback was used This corrects a bug where this function would not work, when
2174 gnutls_certificate_set_retrieve_function2() was used.
2176 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2178 * lib/x509/x509.c: ensure that the X.509 version number is one byte
2181 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2183 * lib/x509/x509.c: Check for invalid length in the X.509 version
2184 field If such an invalid length is detected, reject the certificate.
2185 Reported by Hanno Böck.
2187 2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
2189 * tests/mini-loss-time.c: tests: mini-loss-time: ignore sigpipe
2191 2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2193 * NEWS: released 3.3.14
2195 2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2197 * tests/suite/testcompat-main: tests: change the default port in
2198 testcompat to avoid clash with testsrn
2200 2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2202 * doc/texinfo.css: doc: increase border spacing in HTML tables
2204 2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2206 * configure.ac, m4/hooks.m4: bumped version
2208 2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2212 2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2214 * lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
2215 send data size That reduced the maximum send size for CBC ciphers from 16384 to
2216 16384-(block size), which was unnecessary and was causing issues:
2217 https://bugs.winehq.org/show_bug.cgi?id=37500
2219 2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2221 * lib/algorithms/ciphersuites.c,
2222 tests/suite/ciphersuite/scan-gnutls.sh: made ciphersuites.c more
2223 self-contained to be handled by test-ciphersuites.sh
2225 2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2227 * lib/x509/x509_ext.c: Better fix for the double free in dist point
2230 2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2232 * lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
2235 2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2237 * lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
2238 lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
2239 gnutls_x509_aki_set_cert_issuer will set null-terminated strings
2241 2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2243 * lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
2244 points Reported by Robert Święcki.
2246 2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2250 2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2252 * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
2253 the size of ck_attributes
2255 2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2257 * lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
2260 2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2262 * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
2263 CKA_ID on key generation
2265 2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2267 * lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
2268 when writing a private key
2270 2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2272 * lib/ext/server_name.c: When an application calls
2273 gnutls_server_name_set() with a name of zero size disable the
2274 extension Resolves #2
2276 2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2280 2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2282 * lib/x509/name_constraints.c: name constraints: when no name of the
2283 type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos.
2285 2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2287 * lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS
2289 2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
2291 * lib/gnutls_supplemental.c: Fixed handling of supplemental data
2292 with types > 255. Patch by Thierry Quemerais.
2294 2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
2296 * lib/gnutls_priority.c: doc update
2298 2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
2300 * lib/gnutls_priority.c: gnutls_priority_init: document that
2301 priorities can be NULL
2303 2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
2305 * lib/crypto-selftests.c: corrected self test for 3DES
2307 2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2309 * lib/pkcs11.c: pkcs11: only set ID and label when both size and
2312 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2314 * configure.ac: configure: check for /usr/share/dns/root.key as well
2317 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2319 * m4/hooks.m4: corrected macro which checks libtasn1 for
2320 asn1_decode_simple_ber
2322 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2324 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
2325 lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3
2327 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2329 * doc/cha-internals.texi: rearranged internal documentation
2331 2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
2333 * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
2334 src/socket.c: tools: added ftp as a starttls protocol
2336 2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
2338 * src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
2341 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2343 * doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
2346 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2348 * src/tests.c: gnutls-cli-debug: corrected check of certificate
2351 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2353 * tests/x509cert.c: tests: added small test to verify that
2354 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert
2356 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2358 * src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
2359 unsupported TLS protocols as soon
2361 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2363 * src/socket.c: cli sockets: check for a digit prior using atoi
2365 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2367 * src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
2370 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2372 * src/socket.c: gnutls-cli-debug: do not warn multiple times about
2375 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2377 * doc/cha-support.texi: updated documentation on FIPS140-2
2379 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2381 * tests/cert-tests/Makefile.am,
2382 tests/cert-tests/template-basic.pem,
2383 tests/cert-tests/template-basic.tmpl,
2384 tests/cert-tests/template-test: Revert "tests: template-test: added
2385 a baseline check to detect slow systems" This reverts commit 2ee2a78178a842c9b0ef2ca3e12909ca3bb9fe79.
2387 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2389 * tests/cert-tests/template-test: tests: don't perform the overflow
2390 check in 32-bit systems
2392 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2394 * tests/cert-tests/template-date.pem,
2395 tests/cert-tests/template-date.tmpl: tests: date parsing test was
2396 modified to work in 32-bit systems
2398 2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2400 * tests/cert-tests/Makefile.am,
2401 tests/cert-tests/template-basic.pem,
2402 tests/cert-tests/template-basic.tmpl,
2403 tests/cert-tests/template-test: tests: template-test: added a
2404 baseline check to detect slow systems
2406 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2410 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
2412 * tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
2415 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2417 * tests/suite/testpkcs11: testpkcs11: detect softhsm2
2419 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2421 * lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
2422 lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
2423 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
2424 m4/hooks.m4: use asn1_decode_simple_ber if available
2426 2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2428 * lib/includes/gnutls/abstract.h: list
2429 gnutls_pubkey_get_verify_algorithm as deprecated
2431 2015-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2433 * lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
2434 spotted by Andris Mednis
2436 2015-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2438 * NEWS, configure.ac, m4/hooks.m4: released 3.3.13
2440 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2442 * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
2443 tests/cert-tests/invalid-sig2.pem,
2444 tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
2445 X.509 certificate signatures
2447 2015-02-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
2449 * lib/gnutls_session.c: doc update: document that session_get_data()
2450 must be used in non-resumed sessions
2452 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2454 * tests/suite/testcompat-main: tests: testcompat: disable tests with
2455 NULL ciphersuites; debian doesn't support them
2457 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2461 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2463 * lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN
2465 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2467 * tests/mini-overhead.c, tests/mini-record.c: tests: require DTLS
2470 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2472 * lib/algorithms/ciphersuites.c: corrected check which prevented
2473 client to send an unacceptable for the version ciphersuite
2475 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2477 * lib/gnutls_record.c: fixed sequence number copy
2479 2015-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2483 2015-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
2485 * lib/x509/x509.c: when importing a certificate ensure that the
2486 signature parameters match
2488 2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2492 2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2494 * lib/accelerated/x86/x86-common.c: Allow AESNI GCM acceleration in
2497 2015-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2499 * src/cli.c: handle differently OCSP responses that are revoked and
2502 2015-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2504 * src/common.c: compilation fix with return on void function;
2505 reported by David Marx
2507 2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2509 * lib/gnutls_state.c: doc update
2511 2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2513 * lib/gnutls_buffers.c: set the appropriate direction when
2514 _gnutls_io_write_flush() is called
2516 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
2518 * doc/cha-gtls-app.texi: documented using a session with fork or
2521 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2523 * lib/gnutls_buffers.c: print errno in a more uniform way
2525 2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2527 * lib/x509/x509.c: on certificate import check whether the two
2528 signature algorithms match
2530 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2532 * lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
2535 2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2537 * src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
2538 so verbose about the OCSP nonce; it is universally unsupported
2540 2015-01-17 Tim Ruehsen <tim.ruehsen@gmx.de>
2542 * src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2544 2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2546 * NEWS: released 3.3.12
2548 2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2552 2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2554 * configure.ac, m4/hooks.m4: bumped versions
2556 2015-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2560 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2562 * libdane/errors.c: corrected typos Reported by Guido Kroon.
2564 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2566 * lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
2567 obsolete versions That prevents using these versions as record version numbers, unless
2568 they are the only protocol supported. This avoids the issues with
2569 servers that have banned SSL 3.0 record versions.
2571 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2573 * src/ocsptool-common.c: ocsptool: follow the documented process for
2574 gnutls_x509_crt_get_authority_info_access
2576 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2578 * lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
2581 2015-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
2583 * src/ocsptool-common.c: ocsptool-common: iterate through all AIA
2584 items prior to deciding the OCSP server
2586 2015-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2588 * src/cli-args.def: simplified text for inline-commands-prefix
2590 2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2592 * NEWS: doc update: added urls of savannah reports
2594 2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2598 2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2600 * src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
2601 --starttls-proto option
2603 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
2605 * lib/pkcs11.c: pkcs11: cleanup the name of types Conflicts: lib/pkcs11.c
2607 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
2609 * lib/pkcs11.c: pkcs11: when importing a public key, import its
2610 data as well (version 2 fix)
2612 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
2614 * lib/x509/verify.c: doc update
2616 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2618 * lib/pkcs11.c: pkcs11: when importing a public key, import its
2621 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2623 * lib/gnutls_cert.c: doc update
2625 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2629 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2631 * lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
2632 from a client, the server verifies if it supports the extension’s
2633 contents in _gnutls_session_cert_type_supported(). This function
2634 checks for cred->get_cert_callback but not cred->get_cert_callback2.
2635 As a result, servers setup for OpenPGP certificate credential
2636 callback with gnutls_certificate_set_retrieve_function2() are unable
2637 to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside
2638 cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein.
2640 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2642 * lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
2643 release the cached value
2645 2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
2649 2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
2651 * lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
2652 record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712
2654 2015-01-08 Ludovic Courtès <ludo@gnu.org>
2656 * NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
2657 during expansion and at run time. Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'. * NEWS: Update.
2659 2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2663 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2665 * lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
2666 exceed MTU Resolves: https://savannah.gnu.org/support/?108715
2668 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2670 * lib/gnutls_buffers.c: Added more precise check of push functions
2673 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2675 * src/Makefile.am: danetool: only compile when dane is enabled
2677 2014-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2679 * lib/crypto-backend.c: Allow a random generator with the same
2680 priority to re-register That corrects an issue where the library is deinitialized, and
2681 reinitialization wouldn't register the same rnd module. Reported by
2684 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2686 * src/certtool-cfg.c: certtool: modified check for READ_NUMERIC
2688 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2690 * src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
2693 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2695 * src/certtool-cfg.c: certtool: check for overflows when reading
2698 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2700 * src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
2701 type for integers read
2703 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2705 * src/socket.c: gnutls-cli-debug: more precise handling of SMTP
2706 protocol Patch by Andreas Metzler.
2708 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2712 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2714 * gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
2715 gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
2716 gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
2717 gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
2718 gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
2719 gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
2720 gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
2721 gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
2722 gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
2723 gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
2724 gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
2725 gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
2726 gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
2727 gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
2728 gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
2729 gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
2730 gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
2731 gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
2732 gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
2733 gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
2734 gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
2735 gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
2736 gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
2737 gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
2738 gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
2739 gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
2740 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
2741 gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
2742 gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
2743 gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
2744 gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
2745 gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
2746 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
2747 gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
2748 gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
2749 gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
2750 gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
2751 gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
2752 gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
2753 gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
2754 gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
2755 gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
2756 gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
2757 gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
2758 gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
2759 gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
2760 gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
2761 gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
2762 gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
2763 gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
2764 gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
2765 gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
2766 gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
2767 gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
2768 gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
2769 gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
2770 gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
2771 gl/tests/signature.h, gl/tests/test-alloca-opt.c,
2772 gl/tests/test-base64.c, gl/tests/test-binary-io.c,
2773 gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
2774 gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
2775 gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
2776 gl/tests/test-float.c, gl/tests/test-fputc.c,
2777 gl/tests/test-fread.c, gl/tests/test-fstat.c,
2778 gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
2779 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
2780 gl/tests/test-ftello4.c, gl/tests/test-func.c,
2781 gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
2782 gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
2783 gl/tests/test-iconv.c, gl/tests/test-init.sh,
2784 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
2785 gl/tests/test-memchr.c, gl/tests/test-netdb.c,
2786 gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
2787 gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
2788 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
2789 gl/tests/test-stdint.c, gl/tests/test-stdio.c,
2790 gl/tests/test-stdlib.c, gl/tests/test-string.c,
2791 gl/tests/test-strings.c, gl/tests/test-strnlen.c,
2792 gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
2793 gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
2794 gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
2795 gl/tests/test-sys_wait.h, gl/tests/test-time.c,
2796 gl/tests/test-u64.c, gl/tests/test-unistd.c,
2797 gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
2798 gl/tests/test-vc-list-files-cvs.sh,
2799 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
2800 gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
2801 gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
2802 gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
2803 gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
2804 src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
2805 src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
2806 src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
2807 src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
2808 src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
2809 src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
2810 src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
2811 src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
2812 src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
2813 src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
2814 src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
2815 src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
2816 src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
2817 src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
2818 src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
2819 src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
2820 src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
2821 src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
2822 src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
2823 src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
2824 src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
2825 src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
2826 src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
2827 src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
2828 src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
2829 src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
2830 src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
2831 src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
2832 src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
2833 src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
2834 src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
2835 src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
2836 src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
2837 src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
2838 src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
2839 src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
2840 src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
2841 src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
2842 src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
2843 src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
2844 src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
2845 src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
2846 src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
2847 src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
2848 src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
2849 src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
2850 src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
2851 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
2852 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
2853 src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
2854 src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
2855 src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
2856 src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
2857 src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
2858 src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
2859 src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
2860 src/gl/parse-datetime.y, src/gl/printf-args.c,
2861 src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
2862 src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
2863 src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
2864 src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
2865 src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
2866 src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
2867 src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
2868 src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
2869 src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
2870 src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
2871 src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
2872 src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
2873 src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
2874 src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
2875 src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
2876 src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
2877 src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
2878 src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
2879 src/gl/xsize.h: updated gnulib
2881 2015-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2883 * src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
2886 2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2890 2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2894 2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2896 * src/certtool.c: certtool: --pubkey-info will load a public key
2899 2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2901 * lib/system.h: include netinet/in.h if present to access ipv6
2902 related structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713
2904 2014-12-30 Matthias-Christian Ott <ott@mirix.org>
2906 * lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
2907 textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
2908 _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
2909 textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
2910 this case and thus does not need to be called.
2912 2014-12-30 Matthias-Christian Ott <ott@mirix.org>
2914 * lib/accelerated/x86/aes-gcm-padlock.c,
2915 lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
2916 VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
2917 _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
2918 textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
2919 the plaintext length (last parameter) is greater than zero and
2920 segfault otherwise. The assembler code for both functions is
2921 automatically generated and imported from OpenSSL, so to ease
2922 maintenance the length should be validated in the functions that
2923 call padlock_ecb_encrypt or padlock_cbc_encrypt.
2925 2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2927 * tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test
2929 2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2931 * lib/openpgp/output.c: openpgp: properly print names in oneline
2934 2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2936 * lib/openpgp/output.c: updates in openpgp DSA key printing
2938 2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2940 * lib/openpgp/output.c: properly print openpgp names
2942 2014-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2944 * src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
2945 functions only when OCSP is enabled
2947 2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2949 * lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
2950 gnutls_pubkey_import_ecc_x962().
2952 2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2954 * src/certtool-args.def, src/p11tool-args.def: tools: document the
2957 2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2961 2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2963 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
2964 lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: Use
2965 hints to support incomplete PKCS#11 URIs
2967 2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2969 * doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
2970 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
2971 separated the two gnulibs to avoid conflicts
2973 2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2975 * gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
2976 gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
2977 gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
2978 gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
2979 gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
2980 src/gl/Makefile.am, src/gl/m4/extensions.m4,
2981 src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
2982 src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
2983 src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
2984 src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
2985 src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib
2987 2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2991 2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2993 * lib/x509/verify-high2.c: when importing object CAs from PKCS#11
2994 URL, import the marked as trusted only
2996 2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2998 * lib/pkcs11.c: pkcs11: when matching objects, also match the label
3000 2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3002 * tests/suite/pkcs11-chainverify.c: added missing variable
3004 2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3006 * lib/x509/Makefile.am: Added p11-kit cflags in x509/
3008 2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3010 * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
3011 tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
3012 tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm: Added
3013 softhsm.h to share code in softhsm detection Conflicts: tests/suite/pkcs11-chainverify.c tests/suite/pkcs11-privkey.c
3015 2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3017 * lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
3018 #11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
3019 token URL, but rather a direct reference to specific objects.
3021 2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3023 * lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
3024 for the cork/uncork functions Reported by Jaak Ristioja.
3026 2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3028 * lib/gnutls_record.c: doc update
3030 2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3034 2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3036 * lib/algorithms/protocols.c: Added more precise version check in
3037 _gnutls_version_lowest
3039 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3041 * lib/algorithms.h, lib/algorithms/protocols.c,
3042 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
3043 record version in the client Hello will be set to the lowest
3044 supported protocol There should have been no harm in keeping it SSL 3.0 but
3045 unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
3046 as MUST NOT do that. That will be fixed in a later revision but
3047 since then there are servers not accepting SSL 3.0 as a valid record
3048 version (note that this is about the record version, which describes
3049 the format of the packet, nothing to do with the negotiated
3052 2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3054 * lib/gnutls_record.c: corrected documentation of gnutls_cork()
3056 2014-12-12 Ludovic Courtès <ludo@gnu.org>
3058 * NEWS, doc/gnutls-guile.texi, guile/modules/gnutls.in,
3059 guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
3060 guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: Revert
3061 "guile: Remove RSA parameters and related procedures." This reverts commit 9f5788469f6f3f3fdd4cf064621a903607f10f2f; this
3062 will be done in the 3.4 branch, as for the C library. Update NEWS
3065 2014-12-12 Ludovic Courtès <ludo@gnu.org>
3067 * NEWS: Update 'NEWS'.
3069 2014-12-11 Ludovic Courtès <ludo@gnu.org>
3071 * guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
3072 mode, for the sake of MinGW. Reported by Eli Zaretskii <eliz@gnu.org>. * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
3073 of 'open-input-file'.
3075 2014-12-11 Ludovic Courtès <ludo@gnu.org>
3077 * guile/src/Makefile.am: guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii <eliz@gnu.org>. * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined.
3079 2014-12-04 Ludovic Courtès <ludo@gnu.org>
3081 * guile/src/Makefile.am: guile: Build with warnings. * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter.
3083 2014-12-04 Ludovic Courtès <ludo@gnu.org>
3085 * guile/modules/Makefile.am, guile/modules/gnutls.in,
3086 guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
3087 guile/src/core.c, guile/src/make-session-priorities.scm,
3088 guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
3089 guile: Remove the deprecated priority API. * guile/modules/gnutls/build/priorities.scm: Remove. * guile/src/make-session-priorities.scm: Remove. * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. * guile/src/Makefile.am (EXTRA_DIST): Likewise. (GENERATED_BINDINGS): Remove 'priorities.i.c'. (priorities.i.c): Remove target. * guile/src/core.c: Don't include it. (scm_gnutls_set_default_priority_x): Remove. * guile/modules/gnutls.in (gnutls): Adjust export list. * guile/tests/session-record-port.scm: Use
3090 'set-session-priorities!'. * guile/tests/x509-auth.scm: Likewise.
3092 2014-12-04 Ludovic Courtès <ludo@gnu.org>
3094 * doc/gnutls-guile.texi, guile/modules/gnutls.in,
3095 guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
3096 guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
3097 Remove RSA parameters and related procedures. * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
3098 Remove. (%gnutls-smobs): Remove it. * guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x):
3099 Remove. * guile/modules/gnutls.in: Adjust export list. * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'. * guile/tests/x509-auth.scm: Likewise. * doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly. (OpenPGP Authentication Guile Example): Likewise.
3101 2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3103 * lib/random.c: gnutls_rnd: doc update
3105 2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3107 * lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update
3109 2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3111 * libdane/dane.c: improved documentation on dane
3113 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3115 * src/pkcs11.c: p11tool: use Sleep() in windows
3117 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3119 * src/certtool-cfg.c: certtool: ensure that default_serial_int is
3122 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3124 * src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.
3126 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3128 * NEWS: released 3.3.11
3130 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3132 * configure.ac, m4/hooks.m4: bumped version
3134 2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3136 * tests/suite/testcompat-main: testcompat: corrected usage of null
3139 2014-12-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3141 * lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code
3143 2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3145 * lib/x509/dn.c: _gnutls_x509_get_dn() always return a null
3148 2014-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
3150 * lib/random.h: if the rnd structure doesn't provide check,
3151 _gnutls_rnd_check() will succeed
3153 2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3155 * lib/x509/x509.c: Reorganized, and eliminated memory leak in
3156 _gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.
3158 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3160 * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
3163 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
3165 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
3166 check for whether %NO_EXTENSIONS is required
3168 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3170 * lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
3173 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3175 * lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
3176 memory leak when certificate could not be parsed Reported by Georg Richter.
3178 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3180 * src/socket.c: gnutls-cli-debug: do not print error on unknown
3183 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3185 * lib/gnutls_x509.c: documented the limitations of the loading
3188 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3190 * lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.
3192 2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3194 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
3195 check for sorted certificate chain
3197 2014-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3199 * lib/gnutls_handshake.c, lib/gnutls_record.c,
3200 tests/mini-rehandshake-2.c: restore only the documented behavior
3202 2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3206 2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3208 * tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
3209 for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake Conflicts: tests/Makefile.am
3211 2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3213 * lib/gnutls_handshake.c, lib/gnutls_record.c: treat
3214 GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
3215 complete This corrects a regression introduced in
3216 b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
3217 https://savannah.gnu.org/support/?108690
3219 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3223 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3225 * lib/gnutls_priority.c: Revert "The priority modifier
3226 %LATEST_RECORD_VERSION is now the default" This reverts commit 96b408b20fe8707306f38cba6f652556b99a47e4.
3228 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3230 * lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
3233 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3235 * lib/fips.c: compilation fix for FIPS140-2 mode
3237 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3239 * lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
3240 done when it is required only.
3242 2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3244 * lib/gnutls_priority.c: NORMAL priority: prioritize the less than
3245 256-bits curves at the lowest level
3247 2014-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3249 * lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
3250 zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
3252 2014-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3256 2014-11-14 David Weber <dave@veryflatcat.com>
3258 * src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
3259 and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as I am
3260 unable to compile gnutls (./configure complains about gl_INIT and
3261 ggl_INIT). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3263 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3265 * src/common.c: gnutls-cli: print info on the OCSP status request
3267 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3269 * lib/x509/ocsp.c: use the original DER/BER data when verifying an
3270 OCSP response Conflicts: lib/x509/ocsp.c
3272 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3274 * lib/system.c: windows: updated _gnutls_ucs2_to_utf8()
3276 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3278 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
3279 for OCSP status response Conflicts: src/tests.c
3281 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3283 * src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
3284 that disallow the SSL 3.0 record version
3286 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3288 * tests/cert-tests/crq: corrected crq test case; reported by Andreas
3291 2014-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3293 * lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
3296 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3298 * lib/nettle/rnd-common.h: rnd: removed the packed attribute from
3299 event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas
3302 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3306 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3308 * lib/gnutls_priority.c: The priority modifier
3309 %LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbid the SSL 3.0 version
3310 number from the first packet of the record protocol.
3312 2014-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3314 * tests/suite/testcompat-common, tests/suite/testcompat-main:
3317 2014-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3319 * configure.ac, m4/hooks.m4: bumped version
3321 2014-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3325 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3327 * configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq:
3328 Added check with the invalid crq sent by Sean Burford
3330 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3332 * lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
3333 format, perform additional sanity checks on input Reported by Sean Burford.
3335 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3337 * doc/cha-intro-tls.texi: doc update
3339 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3341 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
3344 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3346 * src/socket.c: tools: include arpa/inet.h in socket.c
3348 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3350 * doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
3353 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3355 * lib/pkcs11.c: pkcs11: pass the correct user type to protected
3356 authentication login
3358 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3360 * doc/cha-gtls-app.texi: doc: corrected values for INSECURE level
3362 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3366 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3368 * lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
3369 type on reauthentication
3371 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3373 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
3374 force login on tokens that require it
3376 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3378 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
3379 support for PKCS #11 keys that require reauthentication and
3380 simplified pkcs11_login
3382 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3384 * gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
3385 to improve compatibility with some apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3387 2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3389 * src/cli-debug.c, src/common.c, src/common.h, src/tests.c:
3390 gnutls-cli-debug: backported changes from 3.4.0 branch
3392 2014-11-05 Chen Hongzhi <hongzhi.chen@me.com>
3394 * lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
3396 2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3398 * doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive
3400 2014-11-04 Chris Barry <chris@barry.im>
3402 * doc/cha-auth.texi, doc/cha-cert-auth.texi,
3403 doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi:
3404 Cleaning up some awkward phrasings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3406 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
3408 * lib/ext/alpn.c: updated text
3410 2014-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3414 2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
3416 * lib/system_override.c: doc: Added missing reference for EMSGSIZE
3417 to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3419 2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
3421 * lib/system_override.c: doc: Fixed typo in inline comment of
3422 gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3424 2014-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3426 * lib/gnutls_errors.c: updated the text for
3427 GNUTLS_E_UNSUPPORTED_VERSION_PACKET
3429 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3431 * lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
3434 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3436 * lib/pkcs11.c: deinitialize the temporary spki data
3438 2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3440 * tests/Makefile.am, tests/init_fds.c: tests: added test for
3441 gnutls_global_init after all descriptors are closed Conflicts: tests/Makefile.am
3443 2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3445 * lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h:
3446 corrected check for urandom fd
3448 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3450 * lib/gnutls_global.c: corrected exit state from gnutls_global_init
3452 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3456 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3458 * doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
3459 account the new behavior
3461 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3463 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
3464 lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
3465 gnutls_fd_in_use, it is no longer necessary Conflicts: lib/libgnutls.map
3467 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3469 * lib/crypto-backend.h, lib/gnutls_global.c,
3470 lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
3471 lib/random.h: When gnutls_global_init() is called manually from the
3472 application check the urandom fd for validity That addresses the issue where a server closes all open file
3473 descriptors and then calls gnutls_global_init(). Conflicts: lib/nettle/rnd-common.c
3475 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3477 * lib/nettle/pk.c: _gnutls_dh_generate_key() will account for the q_bits
3479 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3483 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3487 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3489 * lib/nettle/rnd.c: doc update
3491 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3493 * lib/gnutls_state.c: do not explicitly refresh rnd state on session
3494 deinit It is already being refreshed during the session lifetime.
3496 2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3498 * configure.ac: disable hardware acceleration by default in solaris
3500 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3502 * tests/dtls/dtls: tests: dtls-stress -r disabled as it causes
3503 issues when used with freebsd kernel
3505 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3507 * lib/accelerated/x86/elf/aes-ssse3-x86.s,
3508 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
3509 lib/accelerated/x86/elf/aesni-x86.s,
3510 lib/accelerated/x86/elf/aesni-x86_64.s,
3511 lib/accelerated/x86/elf/cpuid-x86.s,
3512 lib/accelerated/x86/elf/cpuid-x86_64.s,
3513 lib/accelerated/x86/elf/e_padlock-x86.s,
3514 lib/accelerated/x86/elf/e_padlock-x86_64.s,
3515 lib/accelerated/x86/elf/ghash-x86_64.s,
3516 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
3517 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
3518 lib/accelerated/x86/elf/sha256-avx-x86_64.s,
3519 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
3520 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
3521 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
3522 directive in assembly files, as it isn't portable
3524 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3526 * configure.ac, lib/Makefile.am: check and use libnsl (used in
3529 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3531 * lib/accelerated/x86/elf/aes-ssse3-x86.s,
3532 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
3533 lib/accelerated/x86/elf/aesni-x86.s,
3534 lib/accelerated/x86/elf/aesni-x86_64.s,
3535 lib/accelerated/x86/elf/cpuid-x86.s,
3536 lib/accelerated/x86/elf/cpuid-x86_64.s,
3537 lib/accelerated/x86/elf/e_padlock-x86.s,
3538 lib/accelerated/x86/elf/e_padlock-x86_64.s,
3539 lib/accelerated/x86/elf/ghash-x86_64.s,
3540 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
3541 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
3542 lib/accelerated/x86/elf/sha256-avx-x86_64.s,
3543 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
3544 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
3545 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: use the
3546 .note.GNU-stack in linux systems only
3548 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3550 * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
3551 gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
3552 gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
3553 gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
3554 src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
3555 src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
3556 src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
3557 src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c:
3560 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3564 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3566 * tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
3567 validity of gnutls_x509_trust_list_get_issuer
3569 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3571 * lib/x509/verify-high.c: corrected bug in
3572 gnutls_x509_trust_list_get_issuer() when used without the
3573 GNUTLS_TL_GET_COPY flag
3575 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3577 * tests/slow/Makefile.am: tests: include minitasn1 when needed
3579 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3581 * src/danetool.c: use HAVE_DANE ifdef for unused functions
3583 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3585 * lib/libgnutls.map: exported gnutls_fd_in_use
3587 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3591 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3593 * doc/cha-gtls-app.texi: document gnutls_fd_in_use()
3595 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3597 * lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
3600 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3602 * lib/gnutls_state.c: gnutls_fd_in_use: mention version
3604 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3606 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
3607 lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
3608 check whether a file descriptor is in use
3610 2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3612 * lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode
3614 2014-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3616 * lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
3619 2014-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3623 2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3625 * src/certtool.c: certtool: default pkcs-cipher is now 3des as in
3628 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3630 * src/cli-args.def: gnutls-cli: prevent the combination of the -p
3631 and --list options As -p may be mistaken for --priority that would prevent wrong
3634 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3636 * lib/x509/verify-high2.c: avoid d from getting out of scope
3638 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3640 * src/udp-serv.c: gnutls-serv: avoid possible buffer overrun
3642 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3644 * lib/x509/privkey.c: avoid memory leak on
3645 gnutls_x509_privkey_generate() failure
3647 2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3649 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
3650 lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
3651 1024-bit DSA parameters when generating
3653 2014-10-14 Ludovic Courtès <ludo@gnu.org>
3655 * guile/src/core.c: guile: Remove trailing zero in
3656 'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
3657 'set-session-server-name!' would pass a trailing nul character on
3658 the wire after the server name, which would thus be rejected by
3661 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3663 * lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
3664 lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
3665 changes to account for seed starting with null byte
3667 2014-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3669 * src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.
3671 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3673 * lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
3674 phi(n) for RSA key generation in FIPS-140-2 mode
3676 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3678 * lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
3681 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3683 * lib/nettle/rnd-common.c: simplified getrusage code; the failure
3684 check code wasn't needed
3686 2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3690 2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3692 * tests/x509-extensions.c: tests: added check for import failure of
3693 v1 certificate with extensions
3695 2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3697 * lib/x509/x509.c: do not allow importing X.509 certificates with
3698 version < 3 and extensions present
3700 2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3702 * cfg.mk: update the guile manual along the C one
3704 2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3706 * NEWS, configure.ac, m4/hooks.m4: bumped version
3708 2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3712 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3714 * src/libopts/Makefile.am, src/libopts/ag-char-map.h,
3715 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
3716 src/libopts/autoopts.h, src/libopts/autoopts/options.h,
3717 src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
3718 src/libopts/genshell.c, src/libopts/genshell.h,
3719 src/libopts/intprops.h, src/libopts/m4/libopts.m4,
3720 src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
3721 src/libopts/option-value-type.h,
3722 src/libopts/option-xat-attribute.c,
3723 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
3724 src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
3725 src/libopts/version.c: updated to libopts 5.18.4
3727 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3729 * lib/nettle/rnd-common.c: place all rusage variables into
3730 HAVE_GETRUSAGE block
3732 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3736 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3738 * lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
3741 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3743 * tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
3746 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3750 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
3752 * lib/ext/session_ticket.c: use wait and retransmit when receiving
3755 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
3757 * tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
3758 to dtls-stress That allows it to replay messages in a kind of arbitrary way.
3760 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3762 * lib/ext/heartbeat.c: forbid heartbeat messages during a handshake
3764 2014-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3766 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
3767 added internal variable to track handshake status Conflicts: lib/gnutls_handshake.c
3769 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3771 * .gitignore: more files to ignore
3773 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3775 * tests/suite/pkcs11-is-known.c: tests: updated time in
3778 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3780 * lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
3783 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3785 * tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
3786 tests/test-chains.h: tests: allow running specific chainverify tests
3787 on fixed dates Conflicts: tests/chainverify.c tests/suite/pkcs11-chainverify.c tests/test-chains.h
3789 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3791 * lib/x509/common.c: _gnutls_check_valid_key_id: corrected
3792 activation/expiration check
3794 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3796 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
3797 simplified and optimized loop
3799 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3801 * doc/cha-crypto.texi: mention nettle as the recommended crypto
3804 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3806 * tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
3807 check to ensure that trust list combination with extra certificates
3810 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3814 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3816 * lib/x509/verify-high.c: when both a trust module and additional
3817 CAs are present account for the latter as well That solves an issue in openconnect which used the system trust
3818 module, plus additional certificates. Conflicts: lib/x509/verify-high.c
3820 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
3822 * lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
3823 handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
3826 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3828 * lib/nettle/pk.c: corrected assignment
3830 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3832 * lib/libgnutls.map: corrected the name of exported function
3834 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3838 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3840 * tests/test-chains.h: tests: corrected test for v1 cert signing
3841 (removed bogus authorityIdentifier)
3843 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3845 * src/certtool.c: certtool: only set the authority key identifier,
3846 if there is a corresponding subject key identifier
3848 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3850 * lib/pkcs11.c: pkcs11: do not shortcut checks when
3851 GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
3853 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3855 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
3856 check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.
3858 2014-10-06 Armin Burgmeier <armin@arbur.net>
3860 * lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
3861 are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
3862 the old URL would be leaked. It is documented that only one URL can
3863 be used, so it should be safe to reject any attempt to add another
3864 one. Signed-off-by: Armin Burgmeier <armin@arbur.net>
3866 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3868 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
3869 no CKA_ID can be relied on fall back on checking the
3870 SubjectKeyIdentifier Patch by David Woodhouse.
3872 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
3874 * lib/gnutls_global.c: report the FIPS140-2 mode
3876 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3878 * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
3879 verification functions
3881 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3883 * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
3884 verification functions
3886 2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3888 * tests/suite/pkcs11-is-known.c: tests: corrected check with
3889 gnutls_x509_trust_list_get_issuer
3891 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3893 * lib/x509/verify-high2.c: corrected remove_pkcs11_url()
3895 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3897 * tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
3898 check gnutls_pkcs11_crt_is_known() when multiple same DNs are
3901 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3903 * lib/pkcs11.c: pkcs11: when checking for presence do not give up on
3906 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3908 * lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()
3910 2014-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3912 * lib/x509/verify-high2.c: doc update: clarifications in
3913 gnutls_x509_trust_list_add_trust_file
3915 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
3917 * lib/x509/verify-high.c: corrected compilation for non-pkcs11;
3918 reported by David Woodhouse.
3920 2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3922 * NEWS: corrected typo
3924 2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3928 2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3930 * tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
3931 check for GNUTLS_TL_GET_COPY
3933 2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3935 * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
3936 lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
3937 flag and documented the limitations of
3938 gnutls_x509_trust_list_get_issuer()
3940 2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3942 * lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
3943 actual function prototypes
3945 2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3949 2014-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3951 * lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
3952 GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
3954 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3956 * lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
3957 allow duplicate entries
3959 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3961 * lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
3964 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3966 * lib/x509/x509.c: corrected type
3968 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3970 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
3971 protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
3972 infinite loop on handshake
3974 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3976 * lib/gnutls_errors.c: removed unused error values
3978 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3980 * lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h:
3981 restrict the number of non-fatal errors gnutls_handshake() can
3984 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3986 * lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
3987 splitting the errors to two tables
3989 2014-09-22 Ludovic Courtès <ludo@gnu.org>
3991 * guile/src/core.c: guile: Restore cross-reference in
3992 'set-session-priorities!' docstring. This had been destroyed in 32d90395.
3994 2014-09-22 Ludovic Courtès <ludo@gnu.org>
3996 * guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
3997 guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
3998 bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the
3999 'server-name-type' enum type.
4001 2014-09-18 Armin Burgmeier <armin@arbur.net>
4003 * lib/x509/verify-high.c: Memory leak fix on certificate copy
4004 failure Signed-off-by: Armin Burgmeier <armin@arbur.net>
4006 2014-09-17 Armin Burgmeier <armin@arbur.net>
4008 * lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier <armin@arbur.net>
4010 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4012 * cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk
4014 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4018 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4020 * libdane/dane.c: libdane: do not require the CA to be a direct CA
4022 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4026 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4028 * tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
4029 test suite to pass more of the PKCS #11 API under valgrind
4031 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4033 * src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
4036 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4038 * src/common.c: tools: corrected pin entry
4040 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
4042 * lib/gnutls_x509.c: cleaned up memory deallocation in
4043 read_cert_url() That caused unexpected results when loading PKCS #11 URLs. Reported
4046 2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4048 * doc/certtool.cfg: updated certtool.cfg
4050 2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4052 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
4053 auto-generated files
4055 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
4057 * tests/test-chains.h: tests: added checks with modified certificate This tests whether a modification of a DER certificate, that is
4058 cancelled out while we parse it, would result in a good signature.
4060 2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4064 2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
4066 * configure.ac: depend on p11-kit 0.20.7
4068 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4070 * configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6
4072 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4074 * m4/hooks.m4: require libtasn1 3.9 or later That is because of the ocsp fix.
4076 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4078 * lib/verify-tofu.c: removed unused variable
4080 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4082 * lib/gnutls_x509.c: added sanity check on cleanup
4084 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4086 * src/certtool.c: certtool: corrected typo in printing error
4088 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4090 * lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse.
4092 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4094 * doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
4097 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4099 * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
4100 unified the key purpose checks functions
4102 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4104 * lib/includes/gnutls/x509.h, lib/x509/common.h,
4105 lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
4106 same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
4107 will overwrite any previous one with the same name and key.
4109 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4111 * lib/x509/verify-high.c: hostname and key purpose checks were moved
4114 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4116 * lib/x509/output.c, lib/x509/x509_ext.c: doc update
4118 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4120 * m4/hooks.m4: bumped library version
4122 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4124 * lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()
4126 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4128 * lib/x509/common.c: only deallocate data when allocation succeeds
4130 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4134 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
4136 * lib/minitasn1/decoding.c: updated libtasn1
4138 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
4140 * doc/cha-gtls-app.texi: documented the environment variables
4142 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
4144 * lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h:
4145 Backported x509_raw_crt_to_raw_pubkey and x509_crt_to_raw_pubkey
4147 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4151 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4153 * src/pkcs11.c: p11tool: print Attached Extensions, instead of
4156 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4158 * lib/x509/verify-high.c: when adding a duplicate certificate, keep
4161 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4163 * tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
4164 hardcode the chain number, use its name
4166 2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4168 * lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
4169 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
4170 src/pkcs11.c: fixes in the extension handling
4172 2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4174 * src/pkcs11.c: p11tool: will print trust module extensions if
4177 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4179 * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
4180 check the key purpose of the CA certificate when in pkcs11 cert
4183 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4185 * lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
4186 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
4187 lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
4188 lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
4189 in a trust module using
4190 GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT Conflicts: lib/pkcs11.c
4192 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4194 * lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
4195 lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
4196 and prefixed s/get_extension with _gnutls
4198 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4200 * lib/x509/verify-high.c: doc update
4202 2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4204 * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
4205 lib/includes/gnutls/x509.h, lib/libgnutls.map,
4206 lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is on par
4207 with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for
4208 flexibility. Conflicts: lib/libgnutls.map
4210 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4212 * lib/x509/x509_ext.c: doc update
4214 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4216 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
4217 lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
4218 gnutls_x509_crq_get_extension_by_oid2()
4220 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4222 * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
4223 lib/x509/verify-high.c: Added
4224 gnutls_x509_trust_list_verify_purpose_crt() Conflicts: lib/libgnutls.map
4226 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4230 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4232 * configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
4233 pkcs11x.h when it doesn't exist
4235 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4237 * lib/Makefile.am, lib/pkcs11.c, lib/pkcs11x.h: added pkcs11x.h
4239 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4241 * tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
4242 check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls Conflicts: tests/Makefile.am
4244 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4246 * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
4247 invalid status Reported by Armin Burgmeier.
4249 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4251 * lib/gnutls_ui.c: doc update
4253 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4255 * lib/pkcs11x.c: added missing file
4257 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4259 * lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
4260 set the invalid status" This reverts commit 950b62da58542938adec366620948c85b78607dd.
4262 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4264 * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
4265 invalid status Reported by Armin Burgmeier.
4267 2014-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4271 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4273 * src/tpmtool.c: tpmtool: corrected key password read
4275 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4277 * src/danetool.c: set umask prior to calling mkstemp
4279 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4281 * lib/x509/verify-high.c: initialize verification output to zero
4283 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4285 * lib/gnutls_buffers.c: dtls: when discarding packet, discard the
4286 correct number of bytes
4288 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4290 * lib/x509/rfc2818_hostname.c: check_ip: initialize ret
4292 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4294 * lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
4295 null to prevent any issue
4297 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4299 * lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
4302 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4304 * lib/nettle/rnd-fips.c: corrected issue in fips RNG
4306 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4308 * lib/nettle/pk.c: added comment to clarify check
4310 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4312 * lib/opencdk/literal.c: opencdk: corrected unsigned comparison
4314 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4316 * lib/tpm.c: fixes in loop for SRK password input
4318 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4320 * src/common.c: apps: corrected GNUTLS_PIN reading
4322 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4324 * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
4325 corrected CRL loading error
4327 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4329 * src/certtool-cfg.c: certtool: corrected copy+paste error
4331 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4335 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4337 * lib/x509/verify-high2.c: corrected usage of readdir_r()
4339 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4341 * src/ocsptool-common.c: ocsptool: better error message
4343 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4345 * lib/x509/verify-high2.c: reentrant fixes for
4346 gnutls_x509_trust_list_add_trust_dir() handle unknown file types
4348 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4350 * tests/ocsp.c: doc update
4352 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4354 * m4/hooks.m4, tests/ocsp.c: Revert "require libtasn0 3.9 or later" This reverts commit 07a906b4e5c9d1446aee1bf4e091fefa1f1eb1da.
4356 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4358 * lib/x509/x509_dn.c: optimized escaped comma handling
4360 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4364 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4366 * m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix.
4368 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4370 * tests/crq_apis.c: tests: extended crq API checks
4372 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4374 * lib/x509/x509_write.c: doc update
4376 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4378 * lib/x509/x509_dn.c: when setting a DN properly handle spaces and
4381 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4383 * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
4384 lib/x509/x509.c: The get_raw_dn() functions were modified to work
4385 even if the certificate is generated (not imported)
4387 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4391 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4393 * lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
4394 which have data. Reported by Manuel Pégourié-Gonnard.
4396 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4398 * configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
4401 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4403 * lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
4406 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4408 * configure.ac, m4/hooks.m4: bumped version
4410 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4412 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
4415 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4417 * tests/ocsp.c: tests: Added tests on the invalid OCSP response
4419 2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
4423 2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
4425 * lib/x509/common.h, lib/x509/verify.c: when comparing an
4426 end-certificate with the trusted list compare the entire certificate
4428 2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4430 * tests/test-chains.h: tests: Added test for amazon.com chain with
4433 2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4435 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
4436 lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
4437 lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
4438 certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superseded by a
4439 different one with the same name and the same key. That can happen
4440 when an intermediate CA certificate is replaced by a self-signed
4443 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4445 * lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
4446 allocations and keep a pointer to the DER data for DN
4448 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4450 * lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
4451 importing a CRL keep the DER data
4453 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4455 * lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
4456 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
4457 importing a certificate, keep the DER data
4459 2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
4461 * lib/fips.c: fips140: check the integrity of GMP
4463 2014-09-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4465 * lib/fips.c, lib/fips.h, lib/gnutls_global.c,
4466 lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
4467 rounds One round is before the AES acceleration is registered, and the
4468 second is after. That is to allow testing of the AES implementation
4469 used in the DRBG. That is a hack until nettle handles all cipher
4470 acceleration. Conflicts: lib/gnutls_global.c
4472 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
4476 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
4478 * lib/x509/name_constraints.c: name constraints: do not check CN
4479 when a DNSname is available
4481 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
4483 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h:
4484 drbg-aes: added checks in the error handling of the functions That covers the instantiate and generation functions.
4486 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
4488 * lib/crypto-selftests.c: fips140: fail on encryption test failure
4490 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
4492 * lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
4493 put the library into error state
4495 2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4497 * doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex:
4500 2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4502 * doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
4503 fixes in sectioning for p11tool and tpmtool invocation
4505 2014-08-29 Tristan Matthews <le.businessman@gmail.com>
4507 * lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4509 2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4511 * src/pkcs11.c: p11tool: allow printing multiple types of tokens
4513 2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4515 * lib/x509/rfc2818_hostname.c: refer to rfc6125
4517 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4519 * lib/x509/privkey.c: additional sanity check in RSA key generation
4520 testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to
4521 prevent any issues with an accidental null encryption.
4523 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4525 * lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
4526 error state if key generation fails
4528 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
4530 * cfg.mk, configure.ac, devel/openssl,
4531 lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c:
4532 added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support
4535 2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
4539 2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
4541 * src/pkcs11.c: p11tool: when listing tokens, list their type as
4544 2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
4546 * lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s
4548 2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
4550 * lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
4551 data in a single pass
4553 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4557 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4559 * lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
4560 objects at a time That improves the performance significantly when reading from tokens
4561 with a significant number of objects. Reported by David Woodhouse.
4563 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4565 * lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
4566 object cannot be imported
4568 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4570 * lib/pkcs11.c: pkcs11: allow objects without label or without ID
4572 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4576 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4578 * tests/test-chains.h: tests: updated name constraints checks to not
4581 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4583 * lib/x509/name_constraints.c, lib/x509/x509.c: doc update
4585 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4587 * lib/x509/verify.c: only check name constraints in non-CA
4590 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4592 * lib/x509/name_constraints.c: ignore constraints for different type
4595 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
4597 * lib/x509/name_constraints.c: when verifying name constraints
4598 enforce the single CN rule
4600 2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4602 * src/libopts/autoopts.h: check for stdnoreturn.h presence
4604 2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
4606 * tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
4607 support separate builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
4609 2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
4611 * lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
4613 2014-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4615 * NEWS: released 3.3.7
4617 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4619 * lib/gnutls_record.c: record: tolerate a finished packet with
4622 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4626 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4628 * lib/gnutls_record.c: record: in DTLS discard only messages that
4629 cause unexpected packet errors
4631 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4633 * src/socket.c: tools: use the AI_IDN flag in getaddrinfo if it
4636 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4640 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4642 * src/certtool-common.c, src/certtool-extras.c, src/common.c,
4643 src/danetool.c, src/socket.c: danetool: added openssl-linking
4644 exception That allows linking against unbound.
4646 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4648 * src/danetool.c: danetool: ensure the temporary file is always
4651 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
4653 * lib/gnutls_errors.c: doc update
4655 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
4657 * lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
4658 parameter generation only when FIPS-mode is enabled.
4660 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
4662 * lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
4663 qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
4664 generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.
4666 2014-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
4668 * lib/system.c: use the windows API in windows even if iconv is
4671 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4673 * lib/minitasn1/decoding.c: updated libtasn1
4675 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4677 * lib/minitasn1/decoding.c: updated minitasn1
4679 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4681 * m4/hooks.m4: configure: print error message when nettle is 3.0 or
4684 2014-08-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
4686 * lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
4687 lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
4688 structures on re-import to avoid memory leaks. That also adds the gnutls_pkcs7_t structure into the list of allowed
4691 2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4693 * lib/verify-tofu.c: doc update
4695 2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4697 * lib/verify-tofu.c: doc update
4699 2014-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4701 * lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
4702 lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h:
4703 Re-initialize the ASN.1 structures on every import That allows importing a key/certificate on a structure even if the
4704 previous import failed.
4706 2014-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4708 * symbols.last: symbols.last: added private entry
4710 2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
4712 * src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
4713 command line option That option will report the status of the FIPS140-2 mode in the
4716 2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
4720 2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
4722 * lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
4723 used to force the FIPS-140-2 mode
4725 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4727 * src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs
4729 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4733 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4735 * src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c:
4736 gnutls-cli/danetool: added a common check for hostname being an IP
4738 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4740 * lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
4741 single CN must be present for hostname verification. Follow up on the original commit that simplifies checking for more
4742 than a single hostname.
4744 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4746 * lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
4747 rfc6125 requirement that a single CN must be present for hostname
4750 2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4752 * tests/hostname-check.c: tests: check that
4753 gnutls_x509_crt_check_hostname() will correctly use the last CN when
4756 2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4758 * lib/x509/rfc2818_hostname.c: when checking the hostname of a
4759 certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
4760 Woodhouse. https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
4762 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4764 * src/benchmark-cipher.c: gnutls-cli: more organized printing of
4765 cipher benchmark output
4767 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4769 * src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
4772 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4776 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4778 * lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map:
4779 mac_to_entry -> _gnutls_mac_to_entry
4781 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4783 * lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
4784 keys tests for new internal API
4786 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4788 * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
4789 tests: test the decoding of a PKCS #12 structure with SHA256 MAC
4791 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4793 * lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
4794 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
4795 verification with structures that support other than HMAC-SHA1 MACs.
4797 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4799 * lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
4801 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4803 * lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()
4805 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4807 * src/danetool.c: danetool: obtain certificate only once
4809 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4811 * m4/hooks.m4: bumped version
4813 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4815 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
4818 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4820 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
4821 modified prototype and doc to be recognized by doc parser
4823 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4827 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4829 * src/cli-debug-args.def, src/danetool-args.def, src/socket.c:
4830 danetool/gnutls-cli-debug: added support for imap starttls
4832 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4834 * doc/manpages/tpmtool.1: auto-generated files update
4836 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4840 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4842 * src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
4843 supports SMTP starttls
4845 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4847 * src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h:
4848 danetool: supports SMTP starttls
4850 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4852 * src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
4853 improvements in information presentation
4855 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4857 * libdane/dane.c: libdane: disable debugging mode
4859 2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4863 2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4865 * src/Makefile.am, src/cli.c, src/danetool.c,
4866 src/ocsptool-common.c, src/socket.c, src/socket.h,
4867 tests/suite/testdane: danetool: if the certificate to verify against
4868 is not provided, try to obtain it
4870 2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4872 * lib/gnutls_handshake.c: updated documentation for
4875 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4877 * lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
4878 crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.
4880 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4882 * lib/pkcs11_privkey.c: corrected typo
4884 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4888 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4890 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
4891 p11tool: added --info parameter That allows obtaining information on a specific object.
4893 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4895 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
4896 GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL. That
4897 is, this performs an object URL comparison, rather than a token URL
4900 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4902 * src/p11tool.c: p11tool: only print the debugging message in
4905 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
4907 * lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
4908 GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
4910 2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4912 * doc/cha-intro-tls.texi: removed reference to UMAC
4914 2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4916 * doc/cha-intro-tls.texi: removed references to SALSA20
4918 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4920 * lib/pkcs11_privkey.c: doc update
4922 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4926 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4928 * lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.
4930 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4934 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4936 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
4937 src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
4938 gnutls_pkcs11_obj_flags_get_str
4940 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4942 * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c:
4943 tests: ensure that no environment variables confuse softhsm
4945 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4947 * tests/suite/testpkcs11: testpkcs11: exit if
4948 export_pubkey_of_privkey fails
4950 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4952 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
4953 lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c:
4954 pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
4955 and gnutls_pkcs11_flags_get_str() allows printing them.
4957 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
4959 * lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
4960 gnutls_pkcs11_obj_flags
4962 2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4966 2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4968 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
4969 p11tool: simplify the passing of flags and pass the key wrapping
4972 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4974 * src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
4977 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4981 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4983 * lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
4984 _gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
4986 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4988 * lib/pkcs11.c, lib/pkcs11_privkey.c: doc update
4990 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4992 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
4993 lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
4994 gnutls_pkcs11_privkey_get_pubkey; named
4995 gnutls_pkcs11_privkey_export_pubkey Conflicts: lib/libgnutls.map
4997 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5001 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5003 * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
5004 GNUTLS_E_INVALID_REQUEST on invalid params
5006 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5008 * src/p11tool.c: p11tool: activate the --batch option
5010 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5012 * tests/suite/testpkcs11: testpkcs11: Test the export of public key
5014 2014-08-06 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5016 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
5017 add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5019 2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5021 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
5022 lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
5023 subsystem There are cases where we need to export the public key of a private
5024 key at a later time. Previously, the public key was only available
5025 immediately after creation of a key pair. This patch allows
5026 retrieving the public key of a private key at any time after creation. Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5028 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5030 * lib/pkcs11_privkey.c: documented flags format
5032 2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5034 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
5035 compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
5037 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5039 * src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
5040 CAMELLIA to the list of default ciphers
5042 2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5044 * lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
5047 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5051 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5053 * lib/x509/privkey_pkcs8.c: pkcs8: initialize parameters on
5056 2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
5058 * lib/nettle/rnd-common.c, lib/system.h, lib/x509/verify-high2.c:
5059 several windows compilation fixes Conflicts: lib/atfork.h
5061 2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5063 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
5064 src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
5065 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
5066 src/libopts/autoopts.c, src/libopts/autoopts.h,
5067 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
5068 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
5069 src/libopts/check.c, src/libopts/compat/compat.h,
5070 src/libopts/compat/windows-config.h, src/libopts/configfile.c,
5071 src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
5072 src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
5073 src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
5074 src/libopts/load.c, src/libopts/m4/libopts.m4,
5075 src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
5076 src/libopts/nested.c, src/libopts/numeric.c,
5077 src/libopts/option-value-type.c, src/libopts/option-value-type.h,
5078 src/libopts/option-xat-attribute.c,
5079 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
5080 src/libopts/parse-duration.h, src/libopts/pgusage.c,
5081 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
5082 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
5083 src/libopts/stack.c, src/libopts/streqvcmp.c,
5084 src/libopts/text_mmap.c, src/libopts/time.c,
5085 src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
5086 updated to libopts 5.18.3
5088 2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5090 * build-aux/config.rpath, build-aux/gendocs.sh,
5091 doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
5092 gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
5093 gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
5094 src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
5095 src/gl/select.c, src/gl/xalloc.h: updated gnulib
5097 2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
5099 * lib/x509/pkcs12.c: updated documentation for
5100 gnutls_pkcs12_simple_parse
5102 2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
5104 * NEWS, configure.ac, m4/hooks.m4: bumped versions
5106 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5110 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5112 * lib/Makefile.am, lib/inet_pton.c, lib/system.h,
5113 lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
5114 inet_pton on systems where they are not present gnulib is avoided in order to keep the gnulib network replacements out of
5117 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5119 * doc/cha-cert-auth.texi: Added text on PKCS #11 verification
5121 2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5123 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
5124 lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
5125 lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
5126 applications that use a header of gnutls. Report and patch Ryan
5129 2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5131 * Makefile.am, configure.ac, doc/Makefile.am: check for sed in
5132 configure.ac and use the output variable in Makefiles
5134 2014-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5136 * lib/gnutls_handshake.c: doc update
5138 2014-07-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
5140 * tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
5141 to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
5142 functionality is present.
5144 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5146 * libdane/dane.c: doc update
5148 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5150 * tests/Makefile.am: tests: added libdane/includes to includes dir
5152 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5154 * NEWS: released 3.3.6
5156 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5158 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
5161 2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5163 * m4/hooks.m4: bumped library version
5165 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5167 * libdane/dane.c: libdane: simplified initialization of variables.
5169 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5171 * libdane/dane.c: libdane: bogus and secure values are always
5172 initialized in dane_query_to_raw_tlsa
5174 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5176 * tests/dane.c: tests: eliminated leak from dane check
5178 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5180 * libdane/dane.c: libdane: use gnutls_malloc() and doc update
5182 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5184 * tests/Makefile.am, tests/dane.c: Added self test for DANE raw
5187 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5189 * src/danetool-args.def, src/danetool.c: danetool: added option to
5190 print the raw entries.
5192 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5194 * libdane/dane.c: doc update
5196 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5198 * lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols
5200 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5202 * lib/accelerated/x86/aes-gcm-x86-pclmul.c,
5203 lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
5206 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5208 * lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
5209 _gnutls_prf_raw() which can calculate the TLS PRF without depending
5210 on a session structure.
5212 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5214 * lib/fips.c: fips140-2: do not check the libtasn1's integrity
5216 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5218 * lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
5219 allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding
5220 according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
5221 and there can be ambiguities when using that over SSL 3.0. See:
5222 http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
5224 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5226 * lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
5227 any action That allows a valid err_pos, even on a memory allocation error.
5228 Reported by Dan Fandrich.
5230 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5232 * doc/TODO: updated TODO
5234 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5236 * lib/algorithms/ciphersuites.c: minimum version was changed to TLS
5237 1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
5238 usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
5240 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5242 * lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
5243 returned on reinitialization
5245 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5247 * tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c:
5248 tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()
5250 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5252 * lib/gnutls_x509.c: doc update
5254 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5258 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5260 * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
5261 lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()
5263 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5265 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
5266 lib/x509/verify-high2.c: Added
5267 gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
5268 with trusted certificates.
5270 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5272 * configure.ac, lib/system.c: Allow specifying a directory as trust
5275 2014-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5279 2014-07-10 Simon Arlott <sa.me.uk>
5281 * libdane/dane.c, libdane/includes/gnutls/dane.h,
5282 libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
5283 dane_raw_tlsa() to make it easy to copy the results of the
5284 (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for
5285 dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
5286 is 0 (it is possible for malloc/calloc to return NULL when requested
5287 to allocate 0 bytes). Signed-off-by: Simon Arlott
5289 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5291 * lib/fips.c: FIPS140-2 tests: no need for MD5 check
5293 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5295 * lib/fips.c: FIPS140-2 tests: removed redundant checks We keep one check per cipher which is required, and avoid multiple
5296 (and time-consuming) tests.
5298 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5300 * lib/accelerated/x86/x86-common.c: Allow specifying
5301 GNUTLS_CPUID_OVERRIDE in either hex or decimal.
5303 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5307 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5309 * lib/accelerated/x86/x86-common.c: Added option to disable any cpu
5312 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5314 * lib/accelerated/x86/x86-common.c,
5315 lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
5318 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5320 * lib/accelerated/x86/x86-common.c: Allow overriding the detected
5321 CPUID using the GNUTLS_CPUID_OVERRIDE environment variable
5323 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5325 * lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
5326 check for RSA encryption
5328 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5330 * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
5331 and DSA-3072 bit keys, as well as SHA256.
5333 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5335 * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
5336 and RSA-3072 bit keys
5338 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5340 * lib/crypto-selftests-pk.c: tests: check RSA with SHA256
5342 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5344 * lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
5345 encrypted data differ from plaintext
5347 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5349 * lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
5350 size required by SP800-38D (section 8.2)
5352 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5356 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5358 * src/certtool-args.def, src/certtool-common.c,
5359 src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
5360 src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows explicitly specifying the curve to use
5361 when generating a key.
5363 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5367 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5369 * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
5370 lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
5371 CKA_EC_PARAMS when generating an ECDSA key
5373 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5375 * src/pkcs11.c: p11tool: only print warning about key sizes in RSA
5378 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5380 * src/pkcs11.c: p11tool: make brief output more brief
5382 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5384 * lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
5387 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5389 * libdane/dane.c: dane: Skip DANE entries that may contain unknown
5390 info That would allow skipping any future entries without failing.
5391 Reported by Simon Arlott.
5393 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5395 * libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function with an empty chain. Reported by
5398 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5400 * doc/examples/ex-cert-select-pkcs11.c,
5401 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
5402 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
5403 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
5404 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
5405 doc/examples/ex-serv-x509.c: examples: mention that
5406 gnutls_global_init() is optional
5408 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5410 * doc/cha-tokens.texi: doc: mention and link to trust storage module
5412 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5414 * doc/cha-bib.texi, doc/cha-tokens.texi: doc update
5416 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5420 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5422 * lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
5423 a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero
5426 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5428 * lib/pkcs11.c: Increased number of attributes
5430 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5434 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5436 * lib/pkcs11_privkey.c: try to restart on session errors, to avoid
5437 having a failed call.
5439 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5441 * lib/pkcs11.c: corrected pkcs11 reinitialization
5443 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5445 * lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
5446 invalidate the cached session.
5448 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5450 * lib/pkcs11.c: set the maximum value when printing
5453 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5455 * lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
5456 #11 privkey cached session
5458 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5462 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5464 * src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
5465 and private objects, and there is no one-size fits all policy. Thus
5466 allow a proper failure and warn the user that so-login may be
5469 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5471 * tests/suite/testpkcs11: testpkcs11: Try to write the trusted
5472 object both by so-pin and normal pin
5474 2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5476 * tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
5477 deleted after generation
5479 2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5481 * configure.ac, m4/hooks.m4: bumped version
5483 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5485 * tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm
5487 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5491 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5493 * src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
5494 GNUTLS_SO_PIN when setting the PINs of an initialized token.
5496 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5498 * tests/slow/gendh.c: tests: gendh: increased the DH prime size to
5499 allow usage under FIPS140-2 mode
5501 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5503 * src/common.c: tools: when in batch mode and no PIN, print a note
5504 about using the environment variables
5506 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5508 * tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
5509 size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode.
5511 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5513 * tests/crq_key_id.c: tests: improved error reporting in crq_key_id
5515 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5517 * doc/cha-upgrade.texi: doc: properly terminate table
5519 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5521 * lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
5522 from the acceptable bit sizes in FIPS140-2 DSA parameter generation.
5524 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5528 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5532 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5534 * src/certtool.c, src/common.c, src/common.h, src/danetool.c,
5535 src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
5536 mode and will not ask for PIN.
5538 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5540 * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
5541 src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
5542 specified. Added --batch parameter to disable interaction.
5544 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5546 * src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
5547 only a single token available, don't bother complaining about
5548 specifying the correct URL
5550 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5552 * lib/nettle/int/drbg-aes.h: updated comment
5554 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5558 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5560 * src/certtool-args.def: certtool: document that URLs are supported
5562 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5564 * src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable
5566 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5568 * tests/suite/Makefile.am, tests/suite/testpkcs11,
5569 tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
5570 tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite
5572 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5574 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
5575 gnutls_pkcs11_privkey_generate2(): corrected public key extraction
5578 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5580 * src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
5581 security officer's PIN
5583 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5585 * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
5586 src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for a non-interactive --initialize process.
5588 2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5590 * lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
5591 and IPv6 address matching.
5593 2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5595 * tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE
5597 2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5599 * doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
5602 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5604 * lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
5605 doesn't fit into our buffer.
5607 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5609 * lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
5610 as a hostname There are several misconfigured servers that placed their IP as a
5611 DNS name. Pointed out by David Woodhouse.
5613 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5615 * lib/x509/output.c: suppress warnings
5617 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5621 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5623 * configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
5624 instead for AF_INET6
5626 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5628 * configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
5629 addresses. The old dumb code is used in systems that don't have that function.
5631 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5633 * tests/hostname-check.c: tests: Added test cases for IPv4/6
5636 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5638 * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
5639 checks text ip addresses as well. That aligns the documentation with the implementation. Reported by
5642 2014-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5644 * lib/gnutls_str.c: initialize str to NULL
5646 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5648 * lib/x509/crl.c: fixed documentation
5650 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5652 * tests/cert-tests/aki, tests/cert-tests/pathlen,
5653 tests/cert-tests/pem-decoding, tests/suite/crl-test,
5654 tests/suite/invalid-cert, tests/suite/testcompat-main,
5655 tests/suite/testrandom: tests: better replacement of LIBTOOL
5658 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5660 * tests/Makefile.am: tests: ship certs/
5662 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5664 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
5667 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5669 * NEWS, configure.ac, m4/hooks.m4: bumped version
5671 2014-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5673 * src/serv-args.def, src/serv.c: gnutls-serv: removed the
5674 --print-cert option; the cert was anyway being printed.
5676 2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5678 * doc/TODO: doc update
5680 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5682 * src/p11tool-args.def: corrected typo
5684 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5686 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
5687 lib/minitasn1/element.c, lib/minitasn1/element.h,
5688 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
5689 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
5690 lib/minitasn1/structure.c: minitasn1: updated to version 4.0
5692 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5694 * src/p11tool-args.def: p11tool: updated documentation
5696 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5698 * src/pkcs11.c: p11tool: Warn when no --outfile has been specified
5701 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5705 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5707 * tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
5708 structure generation and decoding.
5710 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5712 * src/certtool-args.def, src/certtool-common.c,
5713 src/certtool-common.h, src/certtool.c: certtool: allow specifying
5714 the friendly name on the command line and use the
5717 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5719 * src/pkcs11.c: p11tool: warn in more operations if --login is not
5722 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5724 * src/pkcs11.c: p11tool: No longer assume a default URL for
5727 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5729 * src/common.c: p11tool: Do not allow a newline as PIN.
5731 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5733 * lib/pkcs11.c: pkcs11: avoid calling _gnutls_bin2hex() when length
5736 2014-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
5738 * THANKS: updated thanks file
5740 2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5742 * README: clarified license text
5744 2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
5746 * src/cli.c: gnutls-cli: Do not try to load the system CA trust if
5747 --insecure is specified.
5749 2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
5751 * lib/gnutls_srp.c: doc: more consistent use of pointer star.
5753 2014-06-16 Attila Molnar <attilamolnar@hush.com>
5755 * lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
5756 for the SRP server callback Signed-off-by: Attila Molnar <attilamolnar@hush.com>
5758 2014-06-16 Attila Molnar <attilamolnar@hush.com>
5760 * doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
5761 Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates
5762 in both the SRP and the X.509 server example Signed-off-by: Attila Molnar <attilamolnar@hush.com>
5764 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5766 * NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
5767 lib/gnutls_record.c, lib/gnutls_record.h,
5768 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
5769 src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
5770 introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet
5773 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5775 * lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
5776 the same on resumed sessions.
5778 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5782 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5784 * tests/suite/pkcs11-chainverify.c: Test the return code of
5785 gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
5786 token. Check whether the return code of
5787 gnutls_x509_trust_list_add_trust_file() is non-zero when
5788 certificates are present.
5790 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5792 * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
5793 returns the number of certificates present when loading a PKCS #11
5796 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5798 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
5799 p11tool: Allow marking a certificate as a CA.
5801 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5803 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
5804 GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA
5807 2014-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5809 * doc/README.CODING_STYLE: coding style: update the DCO text
5811 2014-06-15 Attila Molnar <attilamolnar@hush.com>
5813 * lib/gnutls_state.c: doc: Corrections for
5814 gnutls_handshake_set_hook_function()
5816 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5818 * doc/cha-intro-tls.texi: doc: updated text for the ALPN
5819 experimental protocols
5821 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5823 * doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
5824 are duplicated in the section index.
5826 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5830 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5832 * tests/Makefile.am, tests/eagain-common.h,
5833 tests/mini-x509-callbacks-intr.c: tests: Added check for the
5834 interrupted post client hello.
5836 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5838 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
5839 lib/gnutls_v2_compat.c: handshake: Allow the post client hello
5840 callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or
5841 GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
5842 and can be resumed when needed.
5844 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5846 * src/benchmark-tls.c: use the new API for receiving data
5848 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5850 * tests/anonself.c: Adapted test to check
5851 gnutls_record_recv_packet().
5853 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5857 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5859 * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
5860 lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
5861 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
5862 gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(),
5863 i.e., a variant that eliminates the data memcpy().
5865 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5867 * src/tests.c: gnutls-cli-debug: Use proper HTTP request
5869 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5873 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5875 * lib/x509/common.c: When decoding of a DN string fails, treat it as
5876 unknown string and print its hex value.
5878 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5880 * tests/suite/testpkcs11: Print errors but avoid being verbose on
5883 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5885 * src/certtool-common.c: certtool: avoid sizeof() on lbuffer
5887 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5889 * src/certtool-common.c: certtool: ensure that allocated buffer has
5890 a minimum size of 64kb.
5892 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5894 * src/certtool-args.def, src/certtool.c: certtool: Added option
5897 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5899 * lib/x509/x509.c: initialize iterator.
5901 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5903 * lib/x509/crl.c: corrected the allocation size for CRL iterator.
5905 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5907 * tests/suite/Makefile.am, tests/suite/crl-test,
5908 tests/suite/crl/long.pem: Added test for CRL decoding.
5910 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5912 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
5913 lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
5914 lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
5915 thread-safe by making the iterator explicit.
5917 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5919 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
5920 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
5921 tests/suite/Makefile.am, tests/suite/invalid-cert,
5922 tests/suite/testcompat-main, tests/suite/testrandom: Pass the
5923 LIBTOOL variable into test scripts That allows using the detected libtool in scripts. That corrects an
5924 issue on OS X systems that ship a different libtool. Reported by
5927 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5929 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
5930 lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
5931 gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
5933 2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5935 * lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
5937 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5941 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5943 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
5944 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
5945 gnutls_x509_crl_get_crt_serial2(), a faster variant of
5946 gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL
5947 structures with lots of entries (e.g., 50000+ entries).
5949 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5951 * src/certtool-common.c, src/certtool-common.h, src/certtool.c,
5952 src/danetool.c: certtool: When an external file is used increase our
5953 maximum buffer accordingly.
5955 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5957 * lib/x509/output.c: Abort printing on error.
5959 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5961 * lib/gnutls_ui.c: tie the weak DH warning to the very weak security
5964 2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5966 * m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
5967 http://savannah.gnu.org/support/?108592
5969 2014-06-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5971 * lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
5974 2014-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5976 * NEWS, configure.ac, m4/hooks.m4: bumped version
5978 2014-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5982 2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
5984 * .gitignore: more files to ignore
5986 2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
5988 * devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
5989 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
5990 lib/accelerated/x86/coff/aesni-x86.s,
5991 lib/accelerated/x86/coff/aesni-x86_64.s,
5992 lib/accelerated/x86/coff/e_padlock-x86.s,
5993 lib/accelerated/x86/coff/e_padlock-x86_64.s,
5994 lib/accelerated/x86/coff/ghash-x86_64.s,
5995 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
5996 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
5997 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
5998 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
5999 lib/accelerated/x86/elf/aes-ssse3-x86.s,
6000 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
6001 lib/accelerated/x86/elf/aesni-x86.s,
6002 lib/accelerated/x86/elf/aesni-x86_64.s,
6003 lib/accelerated/x86/elf/e_padlock-x86.s,
6004 lib/accelerated/x86/elf/e_padlock-x86_64.s,
6005 lib/accelerated/x86/elf/ghash-x86_64.s,
6006 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
6007 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
6008 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
6009 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
6010 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
6011 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
6012 lib/accelerated/x86/macosx/aesni-x86.s,
6013 lib/accelerated/x86/macosx/aesni-x86_64.s,
6014 lib/accelerated/x86/macosx/e_padlock-x86.s,
6015 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
6016 lib/accelerated/x86/macosx/ghash-x86_64.s,
6017 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
6018 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
6019 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
6020 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
6023 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6027 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6029 * cross.mk: updated windows makefile
6031 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6033 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
6034 files for gnutls_credentials_get()
6036 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6038 * configure.ac, m4/hooks.m4: bumped version
6040 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6042 * tests/Makefile.am, tests/long-session-id.c: Added test for memory
6043 corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
6045 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6047 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
6048 lib/minitasn1/element.c, lib/minitasn1/gstr.h,
6049 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
6050 lib/minitasn1/parser_aux.h: updated libtasn1
6052 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6054 * lib/x509/common.c: avoid cleanup when there are no allocations in
6055 _gnutls_x509_der_encode().
6057 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6059 * lib/gnutls_ecc.c: cleanup resources on
6060 _gnutls_ecc_ansi_x963_export() failure.
6062 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6064 * src/serv-args.def, src/serv.c: Added the --print-cert option to
6067 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6069 * src/certtool-extras.c: certtool: correct size calculation when
6072 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6074 * lib/opencdk/armor.c: re-indented messy table.
6076 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6078 * lib/opencdk/armor.c: Removed unused function.
6080 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6082 * m4/hooks.m4: document the symbol version bump needed in a .so
6085 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6087 * lib/gnutls_handshake.c: Prevent memory corruption due to server
6088 hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
6090 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6092 * lib/gnutls_handshake.c: only try to copy session ID if there is a
6095 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
6099 2014-05-29 Kurt Roeckx <kurt@roeckx.be>
6101 * lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
6103 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
6105 * lib/pkcs11.c: increased the maximum certificate size buffer in the
6108 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
6110 * lib/system.c: re-enabled config path discovery code, and check the
6111 return code of getpwuid_r(). Reported by Viktor Dukhovni.
6113 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6117 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6119 * src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
6120 src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library.
6122 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6124 * lib/accelerated/accelerated.c: removed old check for nettle
6126 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6128 * lib/safe-memset.c: safe_memset: allow memset of zero bytes.
6130 2014-05-27 Hani Benhabiles <kroosec@gmail.com>
6132 * lib/x509/verify-high.c: Fix unused variable warning without
6133 PKCS#11 support. Signed-off-by: Hani Benhabiles <hani@linux.com>
6135 2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6137 * src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
6138 reported by Matt McCutchen.
6140 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6142 * lib/algorithms/protocols.c, lib/gnutls_handshake.c:
6143 _gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
6144 instead of negative.
6146 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
6148 * src/certtool-cfg.c: Allow wildcard comparison of options.
6150 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
6154 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
6158 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
6160 * src/certtool-cfg.c: certtool: Warn when invalid configuration
6161 options are set into a template.
6163 2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6165 * lib/x509/common.c: Do not allow null strings to be read from ASN.1
6166 structures. This corrects a null pointer dereference when parsing some specially
6167 crafted certificates. Issue discovered using the Codenomicon TLS
6170 2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6172 * lib/x509/common.c: removed redundant null termination
6174 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6176 * lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
6177 prefix from static functions.
6179 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6181 * lib/gnutls_handshake.c: Do not call the user_hello_func multiple
6182 times when performing ticket resumption.
6184 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6186 * doc/TODO: doc update
6188 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6190 * lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
6191 zero if data is NULL and memory buffer size is not sufficient.
6193 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6195 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
6196 When assigning the TLS version, double check that it is valid.
6198 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
6200 * lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
6201 there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
6203 2014-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6205 * src/certtool-cfg.c: Added aliases for unit and organization.
6207 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6209 * lib/x509/common.c: use a signed value for bits.
6211 2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
6215 2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
6217 * src/certtool-cfg.c: certtool: allow multiple organizations and
6218 organizational unit names to be specified in a template.
6220 2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
6222 * lib/gnutls_priority.c: increased the number of allowed elements in
6225 2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
6227 * lib/gnutls_priority.c: simplify break_comma_list().
6229 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6231 * lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
6232 internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code.
6234 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6236 * lib/x509/common.c, lib/x509/x509.c: more sanity checks on
6239 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6241 * src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def:
6242 tools: Replace normal sec-param with medium in documentation.
6244 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6246 * doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
6247 print the bug reports line from autogen.
6249 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6253 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6255 * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
6256 lib/safe-memset.c: do not yet export gnutls_memset().
6258 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6260 * .gitignore: more files to ignore
6262 2014-05-15 Michał Górny <mgorny@gentoo.org>
6264 * tests/slow/Makefile.am: tests/slow: add -I flags necessary for
6265 out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6267 2014-05-15 Michał Górny <mgorny@gentoo.org>
6269 * tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
6270 out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
6271 subdirectory of the current working directory. When an out-of-source
6272 build is performed, the files reside in a subdirectory of source
6273 directory instead. Set PKCS12PATH to that directory in order to fix
6274 the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6276 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6278 * tests/dsa/testdsa: changed port of DSA test
6280 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6282 * lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
6283 correct signature size rather than the max.
6285 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6287 * lib/openpgp/output.c: Print the openpgp DN only when
6288 gnutls_openpgp_crt_get_name() failed appropriately.
6290 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6292 * lib/x509/x509_ext.c: initialize string in
6293 gnutls_x509_ext_import_basic_constraints().
6295 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6297 * lib/x509/x509.c: corrected error checking in
6298 gnutls_x509_crt_get_extension_data()
6300 2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6302 * lib/gnutls_ui.c: Allow null list_size argument in
6303 gnutls_certificate_get_peers()
6305 2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6307 * src/serv.c: certificate verification is performed asynchronously.
6309 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
6313 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
6315 * src/danetool-args.def: enhanced the danetool usage instructions.
6317 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
6319 * src/certtool-args.def: Do not use autogen's file option for input
6320 parameters. Instead use a string. We check the file for validity and autogen's
6321 check was imposing rules such as normal file (as opposed to a
6322 device), that were not needed.
6324 2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6326 * src/certtool-common.c: certtool: check for null prior to checking
6329 2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6331 * lib/auth/ecdhe.c: cleanup in the initialization of ECDH
6334 2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6336 * lib/nettle/pk.c: Eliminated memory leak on failed curve
6337 assignment. The memory leak was uncovered by the Codenomicon TLS suite.
6339 2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6341 * src/cli.c: gnutls-cli: if dane verification is used but not PKIX
6342 only check the end certificate.
6344 2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6346 * libdane/dane.c: doc update
6348 2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6350 * doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
6351 gnutls_set_default_priority() in examples.
6353 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6357 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6359 * libdane/dane.c, libdane/includes/gnutls/dane.h,
6360 libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
6361 allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
6363 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6365 * libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
6366 prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
6368 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6370 * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
6371 prototypes for dane_verify_crt_raw2().
6373 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6375 * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
6376 lib/safe-memset.c: export gnutls_memset().
6378 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6382 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6384 * libdane/dane.c, libdane/includes/gnutls/dane.h,
6385 libdane/libdane.map: Added dane_verify_crt_raw2() which allows
6386 verifying against the certificate name.
6388 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6390 * libdane/dane.c: Improved dane_verify_session_crt(), which now
6391 attempts to create a full chain. This addresses points from
6392 https://savannah.gnu.org/support/index.php?108552
6394 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6396 * lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
6397 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
6398 lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
6399 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
6400 lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
6401 lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
6402 lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
6403 lib/gnutls_x509.c: removed legacy code.
6405 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6407 * lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
6408 lib/libgnutls.map: Added gnutls_credentials_get().
6410 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6412 * src/serv-args.def, src/serv.c: Added gnutls-serv option
6413 --verify-client-cert. That option allows forcing verification of the provided certificate
6414 even if it is not required to present one. In that case the
6415 connection will be closed with a fatal alert.
6417 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6419 * lib/ext/status_request.c: Addressed memory leak in status request
6420 extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
6422 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6424 * lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
6425 DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite.
6427 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6429 * cross.mk: updated cross compilation Makefile.
6431 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6433 * lib/ext/safe_renegotiation.c: Avoid memory leak in safe
6434 renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
6436 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6438 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
6439 Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
6441 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6443 * doc/cha-gtls-app.texi: doc update
6445 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6449 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6451 * doc/cha-gtls-app.texi: updated documentation on library
6452 initialization to reflect the changes in 3.3.0.
6454 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6456 * lib/locks.c: re-enabled gnutls_global_set_mutex().
6458 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6460 * src/Makefile.am: Do not run autogen twice to generate the header
6463 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6465 * tests/cert-tests/Makefile.am: Ship suppressions.valgrind
6467 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6469 * NEWS, configure.ac, m4/hooks.m4: bumped version
6471 2014-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6473 * lib/auth/cert.c, lib/gnutls_int.h: Ensure that there is no
6474 remainders in the TLS handshake packets. The issue was discovered using the Codenomicon TLS suite.
6476 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6478 * lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite.
6480 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6484 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
6486 * src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default.
6488 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
6490 * doc/cha-gtls-app.texi: fixed typo
6492 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
6494 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
6495 lib/includes/gnutls/x509.h, lib/priority_options.gperf,
6496 lib/x509/verify.c: Added the 'very weak' certificate verification
6497 profile. This profile corresponds to a 64-bit security level (e.g., RSA
6498 parameters of 768 bits).
6500 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
6502 * doc/cha-gtls-app.texi: doc update
6504 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6506 * doc/credentials/x509/cert-ecc.pem,
6507 doc/credentials/x509/clicert-ecdsa.pem,
6508 doc/credentials/x509/clikey-ecdsa.pem,
6509 doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
6512 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6514 * src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
6515 generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
6516 not widely supported.
6518 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6520 * doc/credentials/x509/clicert-ecdsa.pem,
6521 doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.
6523 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6525 * lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the Codenomicon TLS suite.
6527 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6531 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6533 * lib/ext/srp.c: initialize to null the SRP extension data on
6534 allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
6536 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6538 * tests/suite/testrng: Modified the testrng for Debian's dieharder.
6540 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6542 * lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
6544 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6546 * lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
6547 More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
6549 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6551 * lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using Codenomicon TLS test suite.
6553 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6555 * src/serv.c: Added a timeout to close inactive sessions.
6557 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6559 * doc/cha-gtls-app.texi: doc update
6561 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6563 * doc/cha-gtls-app.texi: doc update
6565 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6567 * src/serv.c: Send the appropriate alert when a certificate is
6568 required but not present.
6570 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6572 * lib/gnutls_global.c: use __sun definition to detect solaris.
6574 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6576 * src/serv.c: Cleaned up server process. This eliminates an infinite loop triggered by unexpected client
6579 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6581 * lib/gnutls_global.c: Added support for constructors and
6582 destructors in solaris CC.
6584 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6586 * tests/suite/testrng: Updated dieharder tests.
6588 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6590 * README-alpha: doc update
6592 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6594 * tests/slow/cipher-test.c: include header for self-test functions
6596 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6598 * tests/suite/testrng: Allow testrng test to run with older versions
6601 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6603 * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
6604 casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
6606 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6608 * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
6609 casting to mpz_t using __mpz_struct.
6611 2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6613 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
6614 lib/minitasn1/element.c, lib/minitasn1/element.h,
6615 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
6616 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
6617 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
6618 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
6619 lib/minitasn1/version.c: updated included libtasn1.
6621 2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6623 * src/certtool-cfg.c: Do not return from void functions. Reported by
6626 2014-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
6628 * lib/gnutls_global.c: removed return from void function.
6630 2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6632 * tests/suite/rng.c, tests/suite/testrng: updated prng test
6634 2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6636 * .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
6637 tests/suite/testrng: Test the random generators in gnutls using the
6640 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6642 * tests/suite/pkcs11-get-issuer.c: use different db file for
6645 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6649 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6651 * lib/x509/verify-high.c: doc update
6653 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6655 * tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
6656 test to verify whether gnutls_x509_trust_list_get_issuer() operates
6657 correctly under PKCS #11 trust list.
6659 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6661 * lib/includes/gnutls/x509.h, lib/x509/verify-high.c:
6662 gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
6665 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6667 * lib/pkcs11_write.c: initialize the size value
6669 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6671 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c:
6672 Include the correct header for the self tests functions
6674 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6678 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6680 * lib/ext/safe_renegotiation.c: removed redundant code. Reported by
6683 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6685 * libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
6687 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6689 * libdane/dane.c: rearranged code
6691 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6693 * src/cli.c: only fail DANE verification if status is non-zero
6695 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6697 * libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
6698 certificate using DANE if there is at least one entry that matches
6699 the certificate. This corrects the previous behavior that was rejecting the
6700 certificate if there were multiple entries and one couldn't be
6701 validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
6702 DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
6704 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6708 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6710 * lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
6711 if the call to gnutls_global_init() failed.
6713 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6715 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
6716 initialization of random generator. Reported by Martin Kletzander.
6718 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6720 * lib/nettle/rnd.c: Revert "Avoid dual initialization of random
6721 generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
6723 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6725 * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
6726 lib/accelerated/x86/aes-cbc-x86-aesni.c,
6727 lib/accelerated/x86/aes-cbc-x86-ssse3.c,
6728 lib/accelerated/x86/aes-gcm-padlock.c,
6729 lib/accelerated/x86/aes-gcm-x86-aesni.c,
6730 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
6731 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
6732 lib/accelerated/x86/aes-padlock.c,
6733 lib/accelerated/x86/sha-padlock.c,
6734 lib/accelerated/x86/sha-x86-ssse3.c,
6735 lib/accelerated/x86/x86-common.c, lib/accelerated/x86/{x86.h =>
6736 x86-common.h}: x86.h was renamed to x86-common.h to avoid clashes
6737 with system headers.
6739 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6743 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6745 * lib/nettle/rnd.c: Avoid dual initialization of random generator.
6746 Reported by Martin Kletzander.
6748 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
6750 * lib/fips.c: Test for the existence of the /etc/system-fips file. We don't read it, the existence of the file is enough to say in what
6751 mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6753 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
6755 * lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6757 2014-04-19 Andreas Metzler <ametzler@bebt.de>
6759 * lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6761 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6763 * lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
6764 suggestion by Shawn (sth0r2046 [at] gmail.com).
6766 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6768 * lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
6769 (sth0r2046 [at] gmail.com).
6771 2014-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6773 * src/certtool.c: Allow exporting a CRL in DER format.
6775 2014-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6777 * AUTHORS, THANKS: cleaned up authors and thanks file.
6779 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6781 * tests/suite/Makefile.am, tests/suite/invalid-cert,
6782 tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
6783 tests/suite/testrandom: More script tests run under valgrind
6785 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6787 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
6788 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
6789 tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.
6791 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6793 * lib/x509/x509.c: Treat othername as printable (i.e., null
6794 terminate it), as the XMPP printing code assumes that.
6796 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6798 * lib/x509/output.c: cleanups in output
6800 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6802 * guile/src/core.c: do not override gnutls' allocation functions. That was not being done using the API, and overriding them is no
6803 longer possible in 3.3.x.
6805 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6807 * NEWS: released 3.3.1
6809 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6811 * tests/suite/testpkcs11: changed port to allow parallelization
6813 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6815 * lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
6816 longer part of the API (though it remains in the ABI).
6818 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6820 * lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
6821 gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any
6824 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6826 * lib/Makefile.am: removed file from Makefile that doesn't exist
6828 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6830 * src/cli.c: gnutls-cli will no longer allow the session to proceed
6831 if DANE verification fails.
6833 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6837 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6839 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
6840 tests/cert-tests/xmpp-othername.pem: Added test certificate with
6841 multiple XMPP othername SAN fields.
6843 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6845 * lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
6846 lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid()
6847 functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().
6849 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6851 * lib/x509/x509_ext.c: always initialize size values
6853 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6855 * lib/x509/common.c: copy_string() and copy_data() are more
6856 resilient on null input
6858 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6860 * tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a
6861 sign/verify request that may take longer in some systems. Based on
6862 patch by Andreas Metzler.
6864 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6868 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6870 * lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a
6871 certificate that contained an OtherName. Reported and investigated
6872 by Kirill A. Shutemov.
6874 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6876 * lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
6877 the already unused secure alloc functions.
6879 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6881 * lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
6882 lib/safe-memset.c: Use a harder to optimize out memset().
6884 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6888 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6892 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6896 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6898 * lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.
6900 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6902 * tests/pskself.c: include hint into psk test.
6904 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6906 * lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
6908 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6910 * tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
6912 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6914 * lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
6916 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6918 * lib/gnutls_psk.c: eliminated the leak of hint when deallocating
6921 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6923 * lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
6924 replacing of auth info based on the provided credentials type. This avoids issues with discrepancies in server and client mode.
6926 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6928 * lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
6929 lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
6930 lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
6931 lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
6932 lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
6933 lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.
6935 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6937 * src/cli-args.def, src/cli.c: Both DANE and PKI verification are
6938 advisory when --tofu is being used.
6940 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6944 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
6946 * lib/gnutls_buffers.c: When checking for data to be received use
6947 the 'transport_recv_ptr'. This affects cases where there are different send and recv pointers.
6948 Reported and investigated by JMRecio.
6950 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6952 * src/cli-args.def: doc update
6954 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6956 * src/cli.c: documentation update.
6958 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6960 * src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
6961 verification methods.
6963 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6965 * src/cli-args.def: Updated TOFU documentation. Suggested by Jens
6968 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6970 * src/p11tool.c: added newlines to p11tool error messages
6972 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6976 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6978 * lib/fips.c: corrected uninitialized value
6980 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6982 * doc/Makefile.am: removed conditionally exported functions.
6984 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6986 * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
6987 lib/includes/gnutls/self-test.h: Added self check functions to
6990 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6992 * configure.ac, m4/hooks.m4: bumped versions
6994 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
6996 * tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
6997 tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
6998 issues in the future
7000 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7002 * tests/chainverify.c: increased the space available for
7003 certificates. That avoids a crash in sparc64; reported by Andreas Metzler.
7005 2014-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7007 * lib/x509/verify-high.c: doc update
7009 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7011 * src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.
7013 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7015 * src/Makefile.am: use the same cflags for included programs as with
7018 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7020 * libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
7023 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7025 * lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
7026 lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
7027 lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
7028 lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
7029 lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
7030 lib/verify-tofu.c: several bug fixes due to coverity.
7032 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7034 * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
7035 lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
7036 fixes due to coverity.
7038 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7040 * lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
7041 lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
7042 lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
7043 reported from coverity in opencdk.
7045 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7047 * lib/gnutls_buffers.c: correctly check for message upper limit.
7049 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7051 * lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
7052 only CRLs in gnutls_x509_trust_list_add_trust_file().
7054 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7056 * doc/cha-gtls-app.texi: doc update
7058 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7060 * src/cli-args.def: Added the PFS priority string.
7062 2014-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7064 * NEWS: corrected Peter's name!
7066 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7070 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7072 * tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
7073 tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
7074 tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.
7076 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7078 * lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
7079 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
7080 #8 files with ECC parameters from openssl. These files do not contain the curve information with the private
7081 key (ECPrivateKey), but they rather contain it in the
7082 privateKeyAlgorithm.
7084 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7086 * lib/ext/heartbeat.c: More strict checking of heartbeat padding
7087 size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggested
7088 by Peter Williams; initially investigated by Frank Li.
7090 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7092 * lib/gnutls_mem.h: unconditionally zeroize temporal keys.
7094 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7096 * cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.
7098 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7100 * tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
7103 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7105 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
7106 the FIPS140-specific functions into the main documentation.
7108 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7110 * tests/key-tests/Makefile.am: Added missing file
7112 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7114 * NEWS: updated documentation
7116 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7118 * lib/libgnutls.map, symbols.last: updated exported symbols table.
7120 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7124 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7126 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
7127 lib/libgnutls.map: mark functions that are only available under
7130 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7132 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
7133 auto-generated files.
7135 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7137 * lib/x509/rfc2818_hostname.c: doc update
7139 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7141 * lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match(). This function now performs a sign/verify test to check whether the
7142 public and private keys match.
7144 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7146 * lib/gnutls_pubkey.c: doc update
7148 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7150 * cross.mk: update gmplib location
7152 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7154 * lib/Makefile.am: removed double entry
7156 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7158 * tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
7161 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7163 * .gitignore: more files to ignore
7165 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7167 * lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
7168 include this gnulib module.
7170 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7172 * tests/suite/Makefile.am: do not build ecore when cross-compiling
7175 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7177 * src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
7178 src/gl/m4/gnulib-comp.m4: Added bind gnulib module.
7180 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7182 * src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
7183 src/gl/m4/gnulib-comp.m4: Added connect gnulib module.
7185 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7187 * gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
7188 gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
7189 gl/tests/Makefile.am, gl/tests/test-getdelim.c,
7190 gl/tests/test-getline.c: Added getline() in gnulib.
7192 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7194 * configure.ac: corrected configure test for pthread_mutex_lock
7196 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7198 * lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
7200 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7202 * tests/suite/certs/create-chain.sh: updated test cert generator.
7204 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7206 * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
7207 doc/examples/verify.c, lib/gnutls_cert.c,
7208 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
7209 src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
7210 tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
7211 the extendable gnutls_certificate_verify_peers(). That will allow adding new functionality to verification without the
7212 need to add new functions.
7214 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7216 * NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
7217 doc/examples/ex-client-x509.c, doc/examples/verify.c,
7218 lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
7219 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
7220 tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
7221 verify in addition to hostname, the purpose of the end-certificate.
7223 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7225 * m4/hooks.m4: bumped version
7227 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
7229 * lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
7230 using gnutls_certificate_verify_peers3().
7232 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
7234 * lib/gnutls_cert.c: doc update
7236 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
7238 * lib/ext/heartbeat.c: doc update
7240 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7242 * lib/gnutls_priority.c: modify to conform to the documented
7245 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7247 * cross.mk: updated makefile
7249 2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7251 * configure.ac, lib/Makefile.am: avoid checking or linking with
7252 libpthread in windows
7254 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7256 * tests/suite/testpkcs11: Corrected check for softhsm shared object.
7258 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7260 * lib/gnutls_priority.c: Allow multiple spaces into priorities file.
7262 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7264 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
7265 The "SYSTEM" initial keyword was replaced with the more generic
7266 "@KEYWORD". The @KEYWORD string will open the pre-configured system priority
7267 file and will expand the KEYWORD, to the priority string set in the
7268 file. The file should have the following format:
7269 KEYWORD=PRIORITY_STRING
7271 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7273 * lib/gnutls_int.h: Use the IANA assigned padding extension number.
7275 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7277 * tests/suite/testpkcs11: skip the test if softhsm doesn't exist
7279 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7281 * .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
7282 and config in tests to allow parallel runs.
7284 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7286 * README-alpha: added softhsm dependency for testsuite
7288 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7290 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
7291 tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
7292 softhsm. That allows us to run it in the normal test suite.
7294 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7296 * src/certtool-args.def, src/certtool.c, src/cli-args.def,
7297 src/cli.c, src/p11tool.c: Allow using the --provider parameter in
7298 gnutls-cli and certtool to specify a PKCS #11 module.
7300 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7302 * tests/suite/pkcs11-chainverify.c: updated test to run in more
7305 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7307 * lib/pkcs11.c: set the same flags in the second search
7309 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7311 * .gitignore: ignore the softhsm test suite files.
7313 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7315 * tests/suite/testpkcs11: fixed bashisms
7317 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7319 * tests/suite/certs/create-chain.sh: depend on bash for the
7322 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7324 * tests/mini-x509.c: Enhanced test to check that the correct number
7325 of certificates is received
7327 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7329 * lib/gnutls_x509.c: corrected check for sorted server certificate
7332 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7334 * lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
7335 is specific to p11-kit trust modules.
7337 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7339 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
7340 the certificate verification tests in PKCS #11-based verification
7343 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7345 * lib/x509/verify.c: Perform time check when removing a certificate
7346 in _gnutls_pkcs11_verify_crt_status(). This brings the function on par with _gnutls_verify_crt_status().
7348 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7350 * lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
7351 same certificate in the pkcs11 trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
7352 certificate, and the self-signed isn't in our pkcs11 trusted list,
7353 make sure that we search for the non-self-signed as well. This
7354 affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
7357 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7359 * lib/pkcs11.c: Allow manually loading a 'trusted' module.
7361 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7363 * lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
7364 libraries from the destructor. If we do and the PKCS #11 modules are already being unloaded, we may
7365 crash. If the deinitialization of the PKCS #11 subsystem is
7366 required then, gnutls_pkcs11_deinit() must be explicitly called.
7368 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7370 * tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
7371 test chains from chainverify program.
7373 2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7375 * configure.ac, tests/Makefile.am, tests/{key-id =>
7376 key-tests}/Makefile.am, tests/{key-id => key-tests}/README,
7377 tests/{key-id => key-tests}/ca-gnutls-keyid.pem, tests/{key-id =>
7378 key-tests}/ca-no-keyid.pem, tests/{key-id =>
7379 key-tests}/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
7380 tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
7381 tests/{key-id => key-tests}/key-ca.pem, tests/{key-id =>
7382 key-tests}/key-id, tests/{key-id => key-tests}/key-user.pem,
7383 tests/key-tests/pkcs8: Added self-test for PKCS #8 key conversion
7386 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7388 * tests/chainverify.c: the chainverify test ensures that there is no
7389 divergence between different verification functions.
7391 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7393 * lib/x509/verify-high.c: When verifying check for the same
7394 certificate in the trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
7395 certificate, and the self-signed isn't in our trusted list, make
7396 sure that we search for the non-self-signed in our list as well.
7397 This affects, gnutls_x509_trust_list_verify_crt() and makes its
7398 results identical to gnutls_x509_crt_list_verify().
7400 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7402 * README-alpha: mention test on smart card support
7404 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7406 * README: Added make check to the make process in README
7408 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7412 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7414 * src/certtool-args.def, src/certtool-common.c,
7415 src/certtool-common.h, src/certtool.c: changed the behavior in
7416 certtool's PKCS #8 key export with no password. By default when no password is specified, an unencrypted key is
7417 output. The previous behavior of encrypting using an empty password
7418 can be replicated using --empty-password.
7420 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7422 * src/certtool-args.def: Updated documentation on null-password and
7423 password options of certtool.
7425 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7427 * tests/suite/testrandom: Added test to check verification with
7428 randomly generated certificates.
7430 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7432 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
7433 src/certtool.c: Combined the code to set CRL next update with
7434 certificate expiration date.
7436 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7440 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7442 * src/certtool-cfg.c: corrected typo
7444 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7446 * src/certtool-common.c: improved error message
7448 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7450 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
7451 src/certtool.c: When a CRL serial number is not specified, generate
7454 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7456 * doc/cha-shared-key.texi: doc update
7458 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7460 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
7461 lib/priority_options.gperf: Added priority string
7462 %DISABLE_WILDCARDS. This will disable any wildcard matching when comparing hostnames in
7465 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
7467 * NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
7468 lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
7469 lib/includes/gnutls/x509.h, lib/libgnutls.map,
7470 lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
7471 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
7472 tests/hostname-check.c: Added verification flag to disable wildcard
7473 checking This adds the verification flag
7474 GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
7475 gnutls_x509_crt_check_hostname2(),
7476 gnutls_openpgp_crt_check_hostname2().
7478 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
7482 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
7484 * tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
7485 tests/cert-tests/ca-no-pathlen.pem,
7486 tests/cert-tests/complex-cert.pem,
7487 tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
7488 SHA256 fingerprint output in certtool
7490 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
7492 * lib/x509/x509.c: doc update
7494 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
7496 * lib/x509/output.c: Print the SHA256 fingerprint of the certificate
7497 in addition to SHA1.
7499 2014-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7501 * lib/verify-tofu.c: doc update
7503 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7505 * lib/gnutls_ui.c: simplified
7506 gnutls_certificate_client_get_request_status() - no error is
7509 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7511 * lib/gnutls_record.c: doc update
7513 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7515 * lib/gnutls_record.c: cleaned up documentation of
7516 gnutls_record_send()
7518 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7520 * tests/chainverify.c: Added test for CVE-2014-0092
7522 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7524 * tests/Makefile.am: removed reference to mini_xssl
7526 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
7528 * tests/chainverify.c: Added self checks for various verification
7531 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
7533 * tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
7534 uncork usage under DTLS.
7536 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
7538 * lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
7541 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7543 * lib/gnutls_priority.c: using the SYSTEM priority string will fail
7544 if there is no system file
7546 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7548 * doc/cha-gtls-app.texi: doc update
7550 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7552 * NEWS: reformatted NEWS entries
7554 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7556 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
7557 lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
7558 security. Introduced the LEGACY keyword which will enable the settings used in
7559 GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
7560 compatibility with weak or misconfigured servers is required.
7562 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7564 * doc/manpages/Makefile.am: replaced wrong manpage generation
7567 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
7569 * lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
7570 lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation
7572 2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7574 * README: update README to reflect gmplib licensing change. As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
7575 dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of
7576 GnuTLS can be redistributed. Update the README to reflect this change.
7578 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7580 * configure.ac: Fix patch version calculation when it contains
7583 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7585 * configure.ac: print RSA-EXPORT status
7587 2014-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7589 * lib/gnutls_str.c: use isascii instead of isprint for
7590 internationalized name detection
7592 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
7594 * m4/hooks.m4: bump so version
7596 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
7598 * src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
7601 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
7603 * lib/auth/dh_common.c: add a check for invalid DH parameters.
7605 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
7607 * tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
7608 DHE prime and exponent size.
7610 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
7612 * doc/TODO: doc update
7614 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7616 * tests/x509-extensions.c: fixed test to use the correct function
7619 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7621 * lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
7622 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
7623 tests/hostname-check.c: Severely simplified hostname matching. Now only wildcards in the leftmost position of the string are
7624 allowed (followed by at least two components), and are only taken
7625 into account in ASCII strings. Non-ASCII strings are compared
7626 byte-by-byte. That means that wildcards in the form
7627 bar*foo.example.com are no longer accepted, as well as wildcards of
7628 the form *.*.*.example.com.
7630 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7632 * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
7633 use commit suffix for functions that return a status code.
7635 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7637 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
7640 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7644 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7646 * src/certtool-args.def: the longer e-mail caused crash in autogen's
7649 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7651 * NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
7652 doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
7653 lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
7654 lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
7655 lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
7656 some of the newly introduced functions
7658 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7660 * lib/gnutls_x509.c: set the invalid flag when the owner is
7663 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7665 * lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
7666 tests/hostname-check.c: Changed the behaviour in wildcard acceptance
7667 in certificates. Wildcards are only accepted when there are more than two domain
7668 components after the wildcard. This will prevent accepting
7669 certificates from CAs that issued '*.com', or 'www.*'.
7671 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7675 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7677 * tests/x509-extensions.c: Added more key usage flags in the test
7678 for x509-extensions.
7680 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7682 * tests/x509-extensions.c: x509-extensions test will fail if an
7683 unhandled extension is found.
7685 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7687 * lib/Makefile.am: ship the gperf file and the generated one.
7689 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7691 * .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
7692 doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update
7694 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7696 * doc/cha-cert-auth.texi: documented the new X.509 extension API
7698 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7700 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
7701 can now write more than a single crl_dist_point.
7703 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7705 * tests/Makefile.am, tests/cert-tests/template-test.pem,
7706 tests/cert-tests/template-test.tmpl,
7707 tests/cert-tests/template-utf8.pem,
7708 tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
7709 tests/x509-extensions.c: Added unit tests for new API
7711 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
7713 * lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
7714 lib/includes/gnutls/x509.h, lib/libgnutls.map,
7715 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
7716 lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
7717 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
7718 lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
7719 X.509 extensions. This API handles the X.509 extensions separately, allowing to parse
7720 similarly formatted extensions stored in other structures. In
7721 addition functions that simplify the extraction of extensions from
7722 known structures were added: - gnutls_x509_crq_get_extension_data2() - gnutls_x509_crl_get_extension_data2() - gnutls_x509_crt_get_extension_data2() The old functions were rewritten to use the new API.
7724 2014-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7728 2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
7730 * lib/x509/extensions.c: Corrected error checking in
7731 _gnutls_x509_ext_gen_proxyCertInfo
7733 2014-03-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
7735 * doc/TODO: doc update
7737 2014-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7739 * src/serv.c: initialize pointer
7741 2014-03-12 Luis G.F <luisgf@gmail.com>
7743 * src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
7744 reference is lost if an allocation error occurred. Signed-off-by: Luis G.F <luisgf@luisgf.es>
7746 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7748 * src/certtool-cfg.c: use the number of seconds as serial in 32-bit
7751 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7753 * lib/auth/cert.c: Only check PK compatibility in client side but
7754 also when using openpgp certs.
7756 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7758 * lib/algorithms/kx.c: corrected initializer
7760 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7762 * lib/auth/cert.c: shortened static function names.
7764 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7766 * lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
7767 that the algorithm of the received certificate matches the expected.
7769 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7773 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7775 * doc/Makefile.am, doc/cha-functions.texi,
7776 doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
7777 doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
7778 doc/manpages/Makefile.am, lib/Makefile.am,
7779 lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
7780 lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
7781 tests/mini-xssl.c: The xssl experimental library was removed. While the idea of a high level library is nice, there are no
7782 resources to maintain an additional library.
7784 2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7786 * configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
7787 enable linking with nettle-mini
7789 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7791 * lib/x509/verify.c: re-enabled certificate verification
7793 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7795 * lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
7796 SHA384 are only available in TLS 1.0. The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
7797 defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
7798 under SSL 3.0, it will during MAC initialization.
7800 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7802 * lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
7803 lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
7804 lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
7805 lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
7806 lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
7807 lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
7808 lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
7809 lib/x509/x509.c: stricter type usage
7811 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7813 * lib/accelerated/x86/aes-padlock.h,
7814 lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
7815 lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
7818 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7820 * lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
7821 lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
7822 lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
7825 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7827 * lib/x509/common.c: silence some warnings
7829 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7831 * lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
7832 lib/verify-tofu.c: clang warning fixes
7834 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7836 * src/certtool-cfg.c: removed unused variables.
7838 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
7840 * src/Makefile.am: Fix build failures on autogen'ed docs. autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
7841 will not be able to find the input file if GnuTLS is built out of
7842 tree, e.g. mkdir build cd build ../configure make Also, add missing targets for %-args.h, to avoid this error: make[2]: Entering directory `/home/user/gnutls/src' autogen srptool-args.def autogen psk-args.def make[2]: *** No rule to make target `ocsptool-args.h', needed by
7843 `all'. Stop. make[2]: Leaving directory
7844 `/home/user/gnutls/src' make[1]: *** [all-recursive] Error 1 For portability's sake we will spell out the rule for each target
7845 instead of using a GNU '%' pattern rule:
7846 https://www.gnu.org/software/make/manual/html_node/Features.html#Features Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7848 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
7850 * .gitignore, doc/Makefile.am: Fix build failures involving
7851 doc/invoke-*.texi Several problems were found in this area: 1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
7852 with no input file and it will hang forever waiting for content from
7853 stdin: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum < enums.texi echo stamp_enums > stamp_enums cd ../src/ && autogen -Tagtexi-cmd.tpl && \ rm -f ../doc/invoke-gnutls-cli.texi && \ ../doc/scripts/cleanup-autogen.pl
7854 <../src/invoke-gnutls-cli.texi
7855 >../doc/invoke-gnutls-cli.texi.tmp && \ mv -f
7856 ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
7857 rm -f ../src/invoke-gnutls-cli.texi <HANG> Since these documents are @include'd by other documents, it is
7858 probably a good idea to make sure the targets are buildable in case
7859 they get listed as prerequisites. 2) SRC_DEF_* used relative paths which are correct for an in-place
7860 build, but incorrect for an out-of-tree build. They should use
7861 something like $(top_srcdir)/src to resolve the ambiguity. 3) cleanup-autogen.pl was also referenced using a relative pathname,
7862 breaking out-of-tree builds. 4) The non-portable "sed -i" flag was used. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7864 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
7866 * README-alpha: README-alpha: Add gperf dependency for building from
7867 git Without gperf, priority-options.h does not get built and this
7868 results in a compile error. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7870 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
7872 * src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix
7873 missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7875 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7877 * lib/x509/verify.c: more type separation
7879 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7881 * src/Makefile.am: use psktool-args
7883 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7885 * lib/x509/verify.c: more type separation
7887 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7889 * lib/x509/verify.c: separated types for easier verification
7891 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
7893 * .gitignore, doc/manpages/Makefile.am, src/Makefile.am, src/psk.c,
7894 src/{psk-args.def => psktool-args.def}: Rename psk-args.def to
7895 psktool-args.def Other utilities generate invoke-%.texi from %-args.def, but
7896 currently invoke-psktool.texi is generated from psk-args.def. If we
7897 make psktool conform to the same convention as the other utilities,
7898 we can use a generic pattern to handle all of them the same way. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7900 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
7902 * doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in
7903 $(srcdir). When we do, chaos ensues: mv -f enums.texi-tmp enums.texi mkdir enums ../../doc/scripts/split-texi.pl enums enum <
7904 ../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such
7905 file or directory make[4]: *** [stamp_enums] Error 1 make[4]: Leaving directory `/home/user/gnutls/build/doc' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/user/gnutls/build/doc' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/user/gnutls/build/doc' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/user/gnutls/build' make: *** [all] Error 2 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
7907 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7909 * lib/openpgp/extras.c: Ensure failure when no base64 data have been
7910 read. Suggested by Ramkumar Chinchani.
7912 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7914 * lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
7916 2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
7918 * lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
7919 parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
7921 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7923 * Makefile.am, symbols.last: Added symbol check prior to release
7924 (after discussion with Andreas Metzler)
7926 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7928 * doc/Makefile.am, doc/manpages/Makefile.am: updated doc
7930 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7932 * build-aux/test-driver, build-aux/ylwrap: updated build-aux files
7934 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7936 * doc/Makefile.am: removed no-split as it causes issues in pdf
7939 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7941 * gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
7942 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
7943 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
7944 gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
7945 gl/tests/test-bind.c, gl/tests/test-connect.c,
7946 gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
7947 gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
7950 2014-03-05 Nick Alcock <nick.alcock@oracle.com>
7952 * configure.ac: Override AUTOGEN under --enable-local-libopts only
7953 if autogen is not needed. After commit 6addbc3, specifying --enable-local-libopts
7954 unconditionally replaces the autogen-erated files with their
7955 distributed copies, and substitutes AUTOGEN to false. The assumption here is that if --enable-local-libopts is not
7956 specified, autogen cannot be installed, and that the distributed
7957 copies necessarily exist. Neither assumption is always correct.
7958 e.g. someone building a 32-bit copy of GnuTLS from git with a copy
7959 of autogen on their system will have a 64-bit copy of libopts, and a
7960 working /usr/bin/autogen, but not a 32-bit libopts. Since building
7961 autogen depends on Guile, this is a rather heavyweight pile of gear
7962 to require. (You can force a successful build in this case, but it
7963 requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
7964 distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
7965 we do not substitute AUTOGEN, so as to let any copy of autogen that
7966 configure found on the system do its job if necessary, while not
7967 forcing the user to link against the copy of libopts which came with
7968 that autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7970 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7972 * configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
7973 lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c:
7974 session tickets can be disabled
7976 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7978 * doc/examples/Makefile.am, lib/ext/cert_type.c,
7979 lib/ext/status_request.c, lib/gnutls_extensions.c,
7980 lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c:
7981 increased code disabled from disable-ocsp and disable-openpgp
7984 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7986 * doc/cha-gtls-app.texi, lib/ext/Makefile.am,
7987 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
7988 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
7989 lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
7990 lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
7991 lib/priority_options.gperf, src/cli-args.def,
7992 tests/mini-record-2.c, tests/mini-record-range.c,
7993 tests/mini-record.c: NEW_PADDING has been removed. This extension did not get accepted by IETF so it is now being
7994 removed. The gnutls_range API is kept in case length hiding is
7995 implemented in a different way at some point.
7997 2014-03-05 Ludovic Courtès <ludo@gnu.org>
7999 * doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
8002 2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8004 * m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler.
8006 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8008 * doc/examples/Makefile.am: examples include both gnulibs
8010 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8012 * src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
8013 src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
8014 src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
8015 src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
8016 src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
8017 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
8018 src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
8019 src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
8020 src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
8021 src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl
8023 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8025 * gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
8026 gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
8027 gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
8028 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
8029 gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
8030 gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
8031 gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
8032 gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
8033 gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
8034 gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
8035 gl/tests/test-getline.c: removed getpass from gl/
8037 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8039 * .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates
8041 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8043 * src/Makefile.am: changes for new gnulib in src/
8045 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8047 * lib/nettle/rnd-common.c: correct error print in win32
8049 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8051 * lib/fips.c, lib/system.c: Changes to account for the reduced
8054 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8056 * src/crywrap/crywrap.c: added missing declaration
8058 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8060 * lib/gnutls_global.c: removed any dependencies to gnulib network
8063 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8065 * lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
8066 insistence to replace strerror
2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to

2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>

* gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-close.c,
gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
gl/tests/test-listen.c, gl/tests/test-lstat.c,
gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror.sh, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
gl/tests/test-stat.c, gl/tests/test-stat.h,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed

2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/crywrap/crywrap.c: fixed more memory leaks in crywrap

2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/crywrap/crywrap.c: addressed memory leak in crywrap.c

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/verify-high.c: check the blacklist for certificates
provided in gnutls_x509_trust_list_verify_named_crt().

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-library.texi: rsa-export is no more

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-library.texi: updated option for TPM

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/common.h: replace select() on windows

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_buffers.c: print message before failing when the pull
timeout function isn't replaced.

2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
SHA1; suggested by Manuel Pégourié-Gonnard.

2014-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
build-aux/useless-if-before-free, build-aux/vc-list-files,
doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-bind.c, gl/tests/test-byteswap.c,
gl/tests/test-c-ctype.c, gl/tests/test-close.c,
gl/tests/test-connect.c, gl/tests/test-dup2.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fseek.c,
gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
gl/tests/test-getline.c, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-listen.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-open.c,
gl/tests/test-open.h, gl/tests/test-pathmax.c,
gl/tests/test-perror.c, gl/tests/test-perror2.c,
gl/tests/test-pipe.c, gl/tests/test-read-file.c,
gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
gl/tests/test-select.c, gl/tests/test-select.h,
gl/tests/test-send.c, gl/tests/test-sendto.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
gl/tests/test-strerror_r.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
src/gl/intprops.h, src/gl/m4/00gnulib.m4,
src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/parse-datetime.h, src/gl/parse-datetime.y,
src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
when they are available in TLS1.0

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c: The default priority is reset to NORMAL

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c: Revert "the default priorities are reset to
be NORMAL."
This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi: mention SHA384 as MAC option

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/cli-args.def, src/serv-args.def: documented the defaults

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c: the default priorities are reset to be
NORMAL. Reported by Manuel Pégourié-Gonnard.

2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/serv-args.def: Add required priorities

2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: Preinitialize values; suggested by Sebastian
Krahmer and Tomas Hoger.

2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: added doc on is_issuer() checks

2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_cert.c: removed not trusted message; reported by Michel

2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/chainverify.c: updated for verification updates

2014-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: Updated verification function

2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>

* src/cli-args.def, src/cli.c: New option --stricttofu for
gnutls-cli
With option --tofu, gnutls-cli waits with a yes-no-question upon
certificate changes. I added the option --stricttofu that omits the
question and fails instead.
The contribution is in accordance to the "Developer's Certificate of
Origin" as found in the file doc/DCO.txt.
Best wishes
Jens
Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>

2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_handshake.c: moved priorities check to the first call

2014-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd-common.c: removed duplicate definition; reported by

2014-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc/README.CODING_STYLE: updated coding style

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/template-nc.pem: added cert

2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/template-test: corrected check

2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/testdane: updated

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c: When appending a name, ensure that we
append to the end of the list.

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c: use gnutls_free()

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-args.def: corrected email in texi

2014-02-20 Attila Molnar <attilamolnar@hush.com>

* lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
resistance against guessing usernames
When a client tries to authenticate using an unknown username,
instead of generating a random salt every time, generate the salt
based on the username and a secret seed.
The seed is settable by the application, allowing servers to re-use
the same seed after a restart.
A random seed is generated for each newly allocated SRP server
credentials structure, meaning that applications not using the new
API to set the seed continue to work and gain limited advantage
(because they use a different seed after every restart).
For further information see section 2.5.1.3. in RFC 5054.
Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify-high.c: small artistic changes

2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: check against the success value

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
bool types when needed.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: ensure failure when parsing fails.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c: allow ip address as constraint

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: Added check for IPaddress

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/chainverify.c: Added tests for name constraints addition.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool.c: better error printing

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/extensions.c: corrected empty name check

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/cert-tests/template-nc.pem,
tests/cert-tests/template-nc.tmpl: Updated test for name constraints
to include empty constraints names.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/output.c: pretty print empty DNSnames

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/common.c, lib/x509/name_constraints.c:
_gnutls_x509_read_value() can now read empty values.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/extensions.c: Allow empty names.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-cfg.c: removed debugging

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/extensions.c: Added check for null

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c: If alternative names are found, don't
bother checking the DN.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/suite/certs/create-chain.sh: Added tool to create a

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/output.c: properly indent name constraints

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/x509.c: _gnutls_parse_general_name2() will return the

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c, tests/cert-tests/Makefile.am,
tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test:
certtool allows setting name constraints.

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: simplify names

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c, lib/x509/verify.c: Verify name

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/name_constraints.c: Added
gnutls_x509_name_constraints_check_crt
This function will check name constraints against all the names in a

2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c, tests/name-constraints.c,
tests/suppressions.valgrind: Added support for e-mail constraints.

2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/name-constraints.c: Added more constraints tests for
unsupported structures.

2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/name_constraints.c: Corrected check for present
constraints in unsupported types.

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc/examples/ex-ocsp-client.c: fix small leak

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/ocsptool.c: When verifying a response and a signer isn't
provided assume that the signer is the issuer.

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
check if it is available on the reply.

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/name_constraints.c: properly deinitialize name
constraints structure.

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* doc/examples/ex-ocsp-client.c: Verify in example that the sent
nonce matches the received nonce. Reported by Benny Baumann.

2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/name-constraints.c: Added missing file

2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/priority_options.gperf: priority string flag
VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
handshake timers when gnutls_handshake() is called.

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
catch a timeout issue in handshake().

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_handshake.c: doc update

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
multiple flags in gnutls_x509_crt_get_name_constraints()

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/name_constraints.c: Do not deinitialize the constraints
structure when reading the constraints fails.

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
lib/x509/output.c: Allow appending name constraints.

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
setting a non-critical name-constraints extension.

2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/name_constraints.c: better checking of unsupported

2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h, tests/Makefile.am: Added support for name
constraints X.509 extension.
This allows to generate and read the name constraints extension, as
well as check against the DNSNAME value.

2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: depend on p11-kit 0.20.0 or later

2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/chainverify.c: changed names for clarity

2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_pcert.c: Corrected bug in
gnutls_pcert_list_import_x509_raw().
The bug caused gnutls_pcert_list_import_x509_raw() to crash if
gnutls_x509_crt_list_import() would fail with the provided data.
Reported by Dmitriy Anisimkov.

2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/suppressions.valgrind: corrected suppressions file

2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/x509.h: do not mention
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation

2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
tests/chainverify.c: removed deprecated flag

2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/latex/cover.tex: added Ted

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/gnutls_privkey.c: set value to null after releasing

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/slow/keygen.c: generate keys in the acceptable sizes in

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/crq_key_id.c: generate 2048 bit keys in RSA mode

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/x509.c, lib/x509/x509_int.h: Added
_gnutls_parse_general_name2()

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/common.c: ensure that _gnutls_x509_read_value works as

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: ensure that the issuer is present in a trusted

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
GNUTLS_PKCS11_TOKEN_TRUSTED_UINT

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: Use the
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
trusted modules are used.

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE.
This flag can be used to ensure that the object request lies on a
marked as trusted PKCS #11 module. The marking is done on p11-kit

2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/pkcs11.c: mark trusted p11-kit modules as trusted.

2014-02-12 Marcus Meissner <meissner@suse.de>

* src/serv.c: fixed socket existence checking
If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
for the ipv6 address fails, this loop would fail and abort the
socket listen code.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.

2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/chainverify.c: Added test for pathlen constraints.

2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/chainverify.c: Added check for v1 intermediate CA

2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/x509/verify.c: Fix bug that prevented the rejection of v1
intermediate CA certificates. Reported by Suman Jana.

2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function

2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
timestamps for serial numbers.

2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>

* maint.mk: updated indent cmd

2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>

* cfg.mk: corrected indent parameters

2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>

* lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
do not redefine the _gnutls_x86_cpuid_s symbol

2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
security levels of PFS, SECURE128 and SECURE192 keywords.

2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c: reduced security levels of SECURE128 and

2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/mini-record-2.c: only test libz if it is available

2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>

* tests/mini-record-2.c: check errors from
gnutls_priority_set_direct().

2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-tokens.texi: doc update

2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd.c: increased the interval between reading

2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.

2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
certtool option to allow asking for passwords even when in batch

2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>

* src/certtool-common.c: use newlines in error printing
8912 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
8914 * lib/x509/verify.c: when using a PKCS #11 module for verification
8915 ensure that it has been marked as a trusted module in p11-kit.
8917 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
8919 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
8920 GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
8921 p11-kit's P11_KIT_MODULE_TRUSTED flag.
8923 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
8925 * lib/gnutls_priority.c: use macros to set the level.
8927 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8929 * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
8930 reference manual to remove individual indexes that were not working.
8932 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8934 * tests/suite/ciphersuite/test-ciphersuites.sh: corrected
8935 test-ciphersuites.sh test
8937 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8939 * lib/gnutls_priority.c: consider the initial keyword set even when
8942 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8944 * lib/gnutls_priority.c: When two initial keywords are specified
8945 then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
8946 SECURE256:+SECURE128.
8948 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8950 * lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
8951 multiple initial keywords in a priority string, the security level
8952 set is the one of the lowest security.
8954 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8956 * lib/x509/verify.c: better wording
8958 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8960 * lib/nettle/pk.c: corrected bug in DH exponent size calculation.
8962 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8964 * lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
8965 extension. This is an extension that is defined to be sent by the client but
8966 there are servers that include it as well. Most other
8967 implementations tolerate this behavior so we do.
8969 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8971 * lib/algorithms/ciphersuites.c: corrected typo
8973 2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8975 * lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
8976 requirements for all ciphersuites that are not GCM.
8978 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
8980 * lib/nettle/pk.c: return proper error on RSA key generation failure
8982 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
8984 * lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c:
8987 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
8989 * lib/gnutls_hash_int.c: Added sanity check in hash_init() and
8992 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
8994 * lib/nettle/rnd.c: use some kind of key continuity in the nonce
8997 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
9001 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
9003 * lib/x509/privkey.c: when importing public keys set the correct
9006 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
9008 * lib/nettle/int/provable-prime.c: allow for seeds larger to the MAX
9011 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
9013 * lib/nettle/int/dsa-keygen-fips186.c: corrected calculation
9015 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
9017 * lib/includes/gnutls/gnutls.h.in: corrected prototype
9019 2014-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
9021 * lib/libgnutls.map, lib/nettle/Makefile.am,
9022 lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
9023 lib/nettle/pk.c: Added FIPS184-4 RSA key generation.
9025 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9027 * lib/gnutls_db.c, lib/libgnutls.map: rename function
9029 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9031 * lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
9032 lib/libgnutls.map: Added gnutls_db_get_cache_expiration()
9034 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9036 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.
9038 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9042 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9044 * lib/nettle/pk.c: removed unused variables
9046 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9048 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
9049 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
9050 gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().
9052 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9054 * lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
9055 lib/x509/privkey.c: Allow verification of public and private
9058 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9060 * lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
9063 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9065 * tests/resume.c: Added check for gnutls_db_check_entry_time().
9067 2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9071 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9073 * lib/gnutls_db.c: correctly read the magic number and timestamp;
9074 report and patch by Jonathan Roudiere
9076 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9078 * doc/scripts/getfuncs-map.pl: updated for new functions
9080 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9082 * NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
9083 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
9084 functions to export. gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
9085 gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
9086 gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
9087 gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw
9089 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9091 * lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
9092 lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512
9094 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9096 * lib/libgnutls.map: exported function needed for fips test
9098 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9100 * lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
9101 lib/gnutls_privkey_raw.c: compile missing file
9103 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9105 * lib/gnutls_privkey.c: indented
9107 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9109 * lib/gnutls_privkey.c: eliminated memory leak when generating a
9110 private key using gnutls_privkey_generate().
9112 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9114 * NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
9115 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
9116 to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
9117 gnutls_privkey_import_rsa_raw
9119 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9121 * lib/nettle/pk.c: corrected usage of privkey
9123 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9125 * tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
9128 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9130 * lib/x509/common.c: optimized string search in _oid2str table.
9132 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9134 * lib/x509/dn.c: copyright update
9136 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9138 * lib/x509/common.c: fixed null pointer dereference when printing a
9139 name and an LDAP description isn't present for the OID
9141 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9143 * doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
9144 gnutls_realloc_fast to false positives Conflicts: lib/libgnutls.map
9146 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9148 * Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
9149 to release verify that the exported functions in the .map file match
9152 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9154 * lib/libgnutls.map: exported missing functions
9156 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9158 * lib/libgnutls.map: exported function
9160 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9162 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
9163 lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
9166 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9168 * tests/mini-global-load.c: removed non-working test for static
9171 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9173 * lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.
9175 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9179 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9181 * tests/rng-fork.c: increased the number of bytes requested by the
9184 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9186 * lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
9187 The AES-CTR-based nonce random number generator was replaced with
9190 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9192 * .gitignore: more files to ignore
9194 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9196 * lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
9197 lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
9198 function prototypes.
9200 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9202 * lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
9203 the prototype of _gnutls_mpi_div
9205 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9207 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
9208 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
9209 prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
9212 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9214 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
9215 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
9216 prototype of _gnutls_mpi_powm
9218 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9220 * lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
9221 lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
9222 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
9223 lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
9224 lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
9225 lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
9228 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9230 * lib/nettle/pk.c: reduced warnings
9232 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9234 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
9235 lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
9236 lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
9237 _gnutls_mpi_set_ui, _gnutls_mpi_copy
9239 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9241 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
9242 lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
9245 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9247 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
9248 lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
9249 lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
9250 added _gnutls_mpi_init_multi
9252 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9254 * lib/nettle/rnd.c: reduced the number of system calls made during
9255 the random generator lock.
9257 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9259 * doc/examples/ex-cert-select-pkcs11.c,
9260 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
9261 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
9262 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
9263 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
9264 lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
9265 string by default in examples (not yet).
9267 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9271 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9273 * lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
9274 to avoid becoming a bottleneck on processes with many threads.
9276 2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9278 * src/common.h: corrected push/pull function setting
9280 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
9282 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
9283 lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()
9285 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
9287 * lib/nettle/int/dsa-keygen-fips186.c,
9288 lib/nettle/int/dsa-validate.c: do not impose limits to index
9290 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
9292 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
9293 lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c:
9294 Fixes in the Shawe-Taylor prime generation routine.
9296 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
9298 * lib/nettle/int/provable-prime.c: cleanups
9300 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9302 * lib/nettle/int/dsa-keygen-fips186.c: increased seed length
9304 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9306 * lib/nettle/int/provable-prime.c: cleanups
9308 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9310 * lib/nettle/int/provable-prime.c: indented code
9312 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9314 * lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
9315 _gnutls_pk_params_copy makes a full duplicate.
9317 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9319 * lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
9320 lib/x509/privkey.c: Added macros to allow specifying a subgroup for
9323 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9325 * lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.
9327 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9329 * NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
9330 lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
9331 lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
9332 new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
9333 Added gnutls_privkey_get_pk_rsa_raw: Added
9335 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9337 * lib/libgnutls.map: exported more internal functions
9339 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9341 * lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
9344 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9346 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
9347 lib/nettle/int/dsa-validate.c: Split the generation of keypair from
9348 the generation of parameters.
9350 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9352 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
9353 lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
9354 _dsa_validate_dss_g, and other fixes in validation.
9356 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9358 * lib/nettle/int/dsa-keygen-fips186.c,
9359 lib/nettle/int/dsa-validate.c: indented files
9361 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9363 * lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
9364 _dsa_generate_dss_pq
9366 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9368 * lib/nettle/int/dsa-keygen-fips186.c: fixed copyright
9370 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9372 * lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
9373 vectors for the fixed implementation.
9375 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9377 * lib/random.c: register FIPS140 random generator prior to
9380 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9382 * lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
9383 lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
9386 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9388 * lib/nettle/cipher.c: no point to fail on 3DES weak keys.
9390 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9392 * lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.
9394 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9396 * lib/crypto-api.c: use a single context for all stream ciphers.
9398 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9400 * lib/crypto-selftests.c: Added ARCFOUR-128 self test.
9402 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9404 * lib/gnutls_pubkey.c: always set subkey status
9406 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9408 * tests/mini-dtls-record.c: small updates in mini-dtls-record
9410 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9412 * lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
9414 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9416 * lib/gnutls_handshake.c: simplified client hello generation
9418 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9420 * lib/gnutls_int.h: %COMPAT implies %DUMBFW
9422 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9424 * lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization
9426 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9428 * lib/gnutls_handshake.c: use a single buffer to generate the client
9431 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
9435 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
9437 * lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
9438 lib/random.c: The FIPS140 random number generator is enabled
9439 conditionally when required.
9441 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
9443 * lib/includes/gnutls/gnutls.h.in: removed duplicate function
9445 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
9447 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
9448 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
9449 lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
9450 replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.
9452 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
9454 * lib/gnutls_global.c: use newline
9456 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
9458 * lib/gnutls_priority.c: when freeing priority_cache make sure it is
9461 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
9463 * lib/gnutls_x509.c: Clarified version
9465 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
9467 * NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h:
9468 gnutls_global_set_mem_functions was deprecated
9470 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
9472 * lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
9473 warning; all systems we support set this function.
9475 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9477 * doc/Makefile.am: generate info documentation in a single file
9479 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9481 * lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
9482 certificates is now replaced by the verification profiles.
9484 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9486 * lib/gnutls_int.h: no need to set profile to LOW as it is already
9489 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9491 * doc/examples/ex-cert-select-pkcs11.c,
9492 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
9493 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
9494 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
9495 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
9496 lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
9499 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9503 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9505 * lib/gnutls_priority.c: decreased certificate verification level to
9508 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9510 * lib/gnutls_int.h, lib/x509/verify.c: When verifying a
9511 certificate's security level ensure that the hash is within the
9514 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
9516 * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
9517 lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()
9519 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9521 * tests/cert-tests/complex-cert.pem: updated test for level rename
9523 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9525 * tests/suppressions.valgrind: updated memxor3 suppression to cope
9526 with any usage of memxor3
9528 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9530 * lib/gnutls_priority.c: The correct priority will be used if SYSTEM
9533 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9535 * lib/x509/verify.c: do not immediately fail on verification failure
9536 due to insecure algorithm.
9538 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9540 * tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
9541 gnutls_priority_set_direct() to set a fixed priority string
9543 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9545 * lib/x509/verify-high.c: avoid allocation.
9547 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9549 * doc/examples/ex-cert-select-pkcs11.c,
9550 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
9551 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
9552 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
9553 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
9554 priorities based on version number in examples, and add dependency
9557 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9559 * doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
9560 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
9561 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
9562 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
9563 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
9564 lib/gnutls_priority.c: changes in SYSTEM semantics to allow
9565 appending rules to the default policy.
9567 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9569 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
9570 Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used
9571 to read the priorities. That can be used to impose system specific
9574 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9576 * lib/gnutls_priority.c: Weak sec-param was replaced with Low.
9578 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9580 * tests/sec-params.c: updated sec-params check
9582 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9584 * doc/cha-gtls-app.texi: doc update
9586 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9588 * NEWS, src/certtool-common.c, src/serv.c: more updates for the
9589 security param rename
9591 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9593 * tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
9594 test to check the expected values of security parameters.
9596 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9598 * doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update
9600 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9602 * lib/algorithms/secparams.c: security levels aligned to ENISA and
9603 other common practice recommendations.
9605 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9607 * NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
9608 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
9609 lib/priority_options.gperf, lib/x509/verify.c:
9610 GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
9611 Also when setting a PROFILE explicitly as priority string the
9612 session security level is adjusted accordingly.
9614 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9616 * doc/cha-gtls-app.texi: doc update
9618 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9620 * lib/Makefile.am, lib/gnutls_priority.c,
9621 lib/priority_options.gperf: Use gperf to find priority string
9624 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9626 * lib/gnutls_priority.c: verification profiles can be set
9627 individually as well.
9629 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9631 * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
9634 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9636 * lib/gnutls_priority.c: increased the overall security level unless
9637 %COMPAT is specified.
9639 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9641 * lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
9642 verification profiles when setting priority strings
9644 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
9646 * lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c:
9647 Added certificate verification profiles.
9649 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
9651 * lib/x509/verify.c: simplified _gnutls_verify_certificate2().
9653 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
9655 * lib/x509/verify.c: consistency changes.
9657 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9659 * lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
9662 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9666 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9668 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
9669 lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
9670 lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
9671 now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust
9672 list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
9673 RDN sequence. This flag is for now only useful internally in gnutls.
9675 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9677 * tests/x509dn.c: simplified x509dn
9679 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9681 * lib/gnutls_x509.c: doc update
9683 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9685 * tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
9686 set_pkcs12_cred test.
9688 2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9690 * NEWS, lib/pkcs11.c: doc update
9692 2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
9694 * src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
9695 servers Without this patch, a TLS 1.2-only server will not be properly
9696 investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key
9697 --x509certfile=server/x509.pem --priority
9698 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
9699 localhost Resolving 'localhost'... Connecting to '::1:5556'...
9700 Checking for SSL 3.0 support... no Checking whether %COMPAT is
9701 required... yes Checking for TLS 1.0 support... no Checking for TLS
9702 1.1 support... no Checking fallback from TLS 1.1 to... failed
9703 Checking for TLS 1.2 support... yes Checking whether we need to
9704 disable TLS 1.2... N/A Checking whether we need to disable TLS
9705 1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
9706 dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9708 2014-01-06 Nils Maier <maierman@web.de>
9710 * lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
9711 using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
9712 full packet before setting priv->expect_cstatus = 0, or else
9713 CERTIFICATE STATUS packets won't be processed in subsequent calls at
9714 all, leaving them in the buffer and therefore causing later
9715 connection aborts. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
9717 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9719 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
9720 lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
9721 renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
9722 looking for a trusted certificate.
9724 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9726 * lib/gnutls_x509.c: simplified
9727 gnutls_certificate_set_x509_crl_file/mem.
9729 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9731 * lib/gnutls_x509.c: simplified
9732 gnutls_certificate_set_x509_trust_file/mem.
9734 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9736 * lib/x509/verify-high2.c: use gnutls_strdup
9738 2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9742 2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9744 * tests/Makefile.am: mini-record-2 moved to front.
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests-pk.c: removed debugging
2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
and distrust (blacklists).
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: more sensible names in find data private structures.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
GNUTLS_PKCS11_ISSUER_ANY is not specified.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c: unified PKCS#11 debug messages
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
Updated PKCS #11 support for
gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
importing all CAs. That way it allows verification on the spot
without requiring the gnutls to restart in case of a blacklisted CA.
2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added documentation for force autogen to
generate correct texinfo code.
2013-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c, tests/resume.c: resume tests will not block
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: moved constructor definitions to macros to
allow easier extensions to other systems.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/rng-fork.c: perform the iteration check on both rngs.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: Add suppression for nettle's memxor3
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: updated
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
the current size of the client hello.
2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: doc update
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c: do not pad when the client hello size is
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
padding if the hello data are already too long.
2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: export only xssl symbols; small patch by Andreas
2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: limit the size of the DH exponent
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: unified constants
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/fips-test.c: Do not run the fips-test when not in fips mode
2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/ext/status_request.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h:
simplified gnutls_handshake_alloc
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: do not specify a default class when searching
for objects to delete This fixed issue when trying to delete all the keys in a token by
using the token URL.
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
flag to force security office login to the card
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: updated txt
2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: print warning when no token name is provided
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Added userPrincipalName
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
parameter is ignored.
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: corrected key ID size check
2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Ported Alon's patch to correctly check for librt (et
al.) This also makes clock_gettime() check independent of the FIPS140
2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def: Added aliases list-privkeys and list-keys
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: undefine select as well in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-handshake-timeout.c: corrected some tests to operate
silently under valgrind
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mpi.c, tests/x509cert-tl.c: corrected leaks
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: do not use the gnulib wrappers in win32
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
set the gnulib functions for recv and send.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/elf/cpuid-x86_64.s: updated
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert-tl.c: corrected check
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed debugging
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pkcs12_s2k.c: corrected paths
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
pkcs11_get_random was renamed
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: correctly generate asm sources
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk: gnu note for stack only used in ELF
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/accelerated/Makefile.am,
lib/accelerated/accelerated.c: Improved nettle check for
registration of accelerated ciphers.
2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am: use the correct sources in win32
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: simplified deps
2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: lib/Makefile.am
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testdane: updated danetool
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ecc.c: changed default to 256R1
2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/serv-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: the accelerated library is depending on nettle
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: doc update
2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: updated to account the file format p11-kit
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/openssl: restricted submodule to a specific version
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, cfg.mk: bootstrap will initialize the submodules
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
using git submodule
2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/system.c: Added configure option
--with-default-blacklist-file This option allows to specify a file containing blacklisted
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c, lib/x509/verify-high2.c:
gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
black list. When a CA or certificate is removed from the trusted list, it is
also added in a blacklist to ensure that it will not be accepted due
to interdependency (e.g., it is a subordinate CA), or because it is
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: Corrected documentation for
gnutls_x509_trust_list_add_trust_*
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
in gnutls_pkcs11_reinit.
2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/mac.c: Avoid verbose logging
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h:
use better definitions
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: doc update
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers
provided to crypto backend are ensured to be 16-byte aligned (except
the ones provided by the user). That increases performance in
several crypto accelerators.
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-large.c: updated to correspond to new fail()
2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-cbc-x86-aesni.c,
lib/accelerated/x86/aes-cbc-x86-ssse3.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h,
lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
lib/accelerated/x86/x86-common.c: reorganized source files.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
AESNI is available without PCLMUL, then use AES-NI in GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-x86.c: addressed warning
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am, lib/accelerated/x86/{hmac-x86.c
=> hmac-x86-ssse3.c}, lib/accelerated/x86/{sha-x86.c =>
sha-x86-ssse3.c}: use better names for files
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-pclmul.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c: zeroize keys
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/{aes-gcm-x86.c => aes-gcm-x86-pclmul.c},
lib/accelerated/x86/aes-gcm-x86-ssse3.c,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/hmac-x86.c, lib/accelerated/x86/sha-x86.c,
lib/accelerated/x86/sha-x86.h: When PCLMUL isn't available use the
SSSE3 implementation of AES to optimize GCM.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed UMAC ciphersuites from benchmark
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: removed the estream ciphersuites from
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
devel/perlasm/aes-ssse3-x86.pl.license,
devel/perlasm/aes-ssse3-x86_64.pl,
devel/perlasm/aes-ssse3-x86_64.pl.license,
devel/perlasm/aesni-x86.pl.license,
devel/perlasm/aesni-x86_64.pl.license,
devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
devel/perlasm/cpuid-x86_64.pl.license,
devel/perlasm/e_padlock-x86.pl.license,
devel/perlasm/e_padlock-x86_64.pl.license,
devel/perlasm/ghash-x86.pl.license,
devel/perlasm/ghash-x86_64.pl.license,
devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
devel/perlasm/openssl-cpuid-x86.pl.license,
devel/perlasm/ppc-xlate.pl.license,
devel/perlasm/sha1-ssse3-x86.pl.license,
devel/perlasm/sha1-ssse3-x86_64.pl.license,
devel/perlasm/sha256-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86.pl.license,
devel/perlasm/sha512-ssse3-x86_64.pl.license,
lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/cpuid-x86.s,
lib/accelerated/x86/coff/cpuid-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/elf/cpuid-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
Hamburg's SSSE3 AES implementation.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: doc update
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
devel/perlasm/sha1-ssse3-x86.pl,
devel/perlasm/sha1-ssse3-x86_64.pl,
devel/perlasm/sha256-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86.pl,
devel/perlasm/sha512-ssse3-x86_64.pl,
lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/coff/{appro-aes-x86-coff.s => aesni-x86.s},
lib/accelerated/x86/coff/{appro-aes-x86-64-coff.s =>
aesni-x86_64.s}, lib/accelerated/x86/coff/{cpuid-x86-coff.s =>
cpuid-x86.s}, lib/accelerated/x86/coff/{cpuid-x86-64-coff.s =>
cpuid-x86_64.s}, lib/accelerated/x86/coff/{padlock-x86-coff.s =>
e_padlock-x86.s}, lib/accelerated/x86/coff/{padlock-x86-64-coff.s
=> e_padlock-x86_64.s},
lib/accelerated/x86/coff/{appro-aes-gcm-x86-64-coff.s =>
ghash-x86_64.s}, lib/accelerated/x86/coff/openssl-cpuid-x86.s,
lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-avx-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/{appro-aes-x86.s => aesni-x86.s},
lib/accelerated/x86/elf/{appro-aes-x86-64.s => aesni-x86_64.s},
lib/accelerated/x86/elf/{cpuid-x86-64.s => cpuid-x86_64.s},
lib/accelerated/x86/elf/{padlock-x86.s => e_padlock-x86.s},
lib/accelerated/x86/elf/{padlock-x86-64.s => e_padlock-x86_64.s},
lib/accelerated/x86/elf/{appro-aes-gcm-x86-64.s => ghash-x86_64.s},
lib/accelerated/x86/elf/sha1-ssse3-x86.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-avx-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
lib/accelerated/x86/macosx/{appro-aes-x86-macosx.s => aesni-x86.s},
lib/accelerated/x86/macosx/{appro-aes-x86-64-macosx.s =>
aesni-x86_64.s}, lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86_64.s,
lib/accelerated/x86/macosx/{padlock-x86-macosx.s =>
lib/accelerated/x86/macosx/{padlock-x86-64-macosx.s =>
e_padlock-x86_64.s},
lib/accelerated/x86/macosx/{appro-aes-gcm-x86-64-macosx.s =>
ghash-x86_64.s}, lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
Utilize the optimized SHA functions in Padlock HMAC.
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: use a single BUILT_SOURCES
2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
minor phrasing improvements in docs
2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Added auto-generated files in BUILT_SOURCES
2013-12-13 Jared Wong <jaredlwong@gmail.com>
* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
line_size. All checks were being done where the line_size check was done last.
This allows data to be read from one past the end of the line
buffer. In C, accessing data outside of an array is undefined
behavior and may cause yet known problems. Additionally, the
compiler may end up making some unreasonable assumptions under the
pretense that the programmer is never wrong and would not access
data outside of the array.
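The check-ordering problem described in the entry above, as an added example (this is not the GnuTLS code from psk_passwd.c or srp_passwd.c). The struct, function names and sample lines are hypothetical; reads go through a counting probe so the flawed ordering can be observed without actually reading past the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a password-file line buffer. probe_read()
 * counts an out-of-range index instead of performing the read, so the
 * flawed ordering is measurable without undefined behaviour. */
struct probe {
    const char *buf;
    size_t size;      /* number of valid bytes in buf */
    size_t oob_reads; /* reads attempted at index >= size */
};

static char probe_read(struct probe *p, size_t i)
{
    if (i >= p->size) {
        p->oob_reads++;
        return '\0';
    }
    return p->buf[i];
}

/* Flawed ordering: the element is inspected first, the bound is tested last. */
size_t scan_check_last(struct probe *p, char delim)
{
    size_t i = 0;
    while (probe_read(p, i) != delim && i < p->size)
        i++;
    return i;
}

/* Corrected ordering: && short-circuits, so the element is only inspected
 * once the index is known to be in range. */
size_t scan_check_first(struct probe *p, char delim)
{
    size_t i = 0;
    while (i < p->size && probe_read(p, i) != delim)
        i++;
    return i;
}

/* Scans buf for ':' with the chosen ordering. Stores the stop index in
 * *pos (if non-NULL) and returns the number of out-of-range reads tried. */
size_t oob_reads_for(int check_first, const char *buf, size_t size, size_t *pos)
{
    struct probe p = { buf, size, 0 };
    size_t i = check_first ? scan_check_first(&p, ':')
                           : scan_check_last(&p, ':');
    if (pos != NULL)
        *pos = i;
    return p.oob_reads;
}

int main(void)
{
    char full[8];               /* constructed: no ':' and no terminator */
    const char ok[] = "user:00ff"; /* constructed: delimiter at index 4 */
    size_t pos;
    size_t oob;

    memset(full, 'A', sizeof(full));

    oob = oob_reads_for(0, full, sizeof(full), &pos);
    printf("bound checked last : stop=%zu out-of-range reads=%zu\n", pos, oob);
    oob = oob_reads_for(1, full, sizeof(full), &pos);
    printf("bound checked first: stop=%zu out-of-range reads=%zu\n", pos, oob);
    oob = oob_reads_for(0, ok, strlen(ok), &pos);
    printf("delimiter present  : stop=%zu out-of-range reads=%zu\n", pos, oob);
    return 0;
}
```

Both orderings stop at the same index, which is why the flaw is easy to miss in functional tests: only the line with no delimiter triggers the extra read one element past the end.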
2013-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/libopts/m4/libopts.m4: Avoid conditional generation of
2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
prime size as well.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: exported function
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
gnu-ism in Makefiles
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: simplified logic
2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: Correctly detect the FIPS140-2 HMAC file.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
exported pkcs11 functions initialize PKCS #11.
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: fixes in PKCS #11 initialization
2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: provide imprecise time as gmt time.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
auto-reinitialization.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
fully initialize the PKCS #11 subsystem only when it is needed to.
2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the
full library if the system is not in FIPS mode.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
check to verify that gnutls_global_init() is run on the library
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/global-init.c: converted to a simple check for
gnutls_global_init() as gnutls_global_init2() will not be added.
2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: call p11_kit_modules_load() with null argument.
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: only use LT_INIT
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: disable static library build by default
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
gnutls_global_init2() is no longer exported.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: Added automatic reinitialization on fork() on the
PKCS #11 subsystem.
2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
Use a DRBG-AES to generate nonces rather than the yarrow RNG.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: getpid() is conditionally used.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
auto-generated files
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
tests/fips-test.c: removed zombie mode, and no longer use fips140.h
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: simplified func
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-api.c, lib/nettle/pk.c: corrected macros
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: Check whether the RNG can perform many
iterations without error.
2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
exceed a number of iterations.
2013-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
mutex to avoid any side-effects.
2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.h: re-initialize a deleted statically initialized mutex
10605 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10609 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10611 * lib/nettle/pk.c: Added hack for nettle's checks.
10613 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10615 * lib/algorithms/secparams.c: adjusted parameters in normal level
10616 for DSA to match nettle's abilities.
10618 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10620 * src/certtool.c: added newlines in error reporting
10622 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10624 * lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
10625 tests when used from slow/cipher-test
10627 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10631 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10633 * tests/global-init.c: updated test for the universal lib
10636 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10638 * lib/gnutls_global.c: removed deadlock from gnutls_global.c
10640 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10642 * lib/fips.c, lib/gnutls_global.c: constructor and destructors were
10643 moved outside the FIPS140 mode.
10645 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10647 * tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
10648 when not in FIPS140 mode.
10650 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10652 * lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c:
10653 fips140_simulate_error -> lib_simulate_error
10655 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10657 * lib/algorithms/secparams.c: adjusted subgroup bits to be
10658 compatible with DSA requirements.
10660 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10662 * lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
10663 lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
10664 lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
10665 lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
10666 lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
10667 library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even
10668 when not in FIPS mode.
10670 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10672 * : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c
10674 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10676 * cross.mk: updated cross.mk
10678 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10680 * src/common.c: removed usage of %zu.
10682 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10684 * tests/mini-overhead.c: updated mini-overhead to account for the
10685 removal of salsa20+umac
10687 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10689 * lib/system.h: Detect the presence of posix locks even without
10690 being linked to libpthread.
10692 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10694 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
10697 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10699 * configure.ac: remove bashism.
10701 2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10703 * doc/cha-tokens.texi: doc update
10705 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10707 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
10709 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10711 * doc/reference/gnutls-docs.sgml: updated links in reference.
10712 Reported by Nico R.
10714 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10716 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
10718 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10720 * doc/reference/gnutls-docs.sgml: updated links in reference.
10721 Reported by Nico R.
10723 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10725 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
10726 updated addresses and URLs. Reported by Nico R.
10728 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10730 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
10731 updated addresses and URLs. Reported by Nico R.
10733 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10735 * lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
10736 *structors to fips.c
10738 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10740 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
10743 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10745 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
10748 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10750 * lib/crypto-selftests-pk.c: Added ECDH known answer test.
10752 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10754 * lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
10755 Diffie-Hellman key exchange.
10757 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10759 * lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
10762 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10764 * lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c:
10765 compacted DH support files.
10767 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10769 * lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
10770 they are not needed.
10772 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10774 * lib/x509/privkey.c: When checking the generated DSA params make
10775 sure that the data to be signed have the proper size.
10777 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10779 * lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
10780 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
10781 lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
10782 lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
10783 exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
10784 functions. This allows handling DH key generation in the crypto backend files.
10786 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10788 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
10790 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10792 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
10794 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10796 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
10797 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
10798 DRBG-AES generator by using a counter (with an arbitrary initial
10801 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10803 * lib/x509/privkey.c: Added pairwise consistency test on key
10806 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
10808 * lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero
10810 2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10812 * doc/certtool.cfg: updated example certtool.cfg
10814 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10816 * lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
10817 a compiler optimizing out calls.
10819 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10821 * lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
10822 DH and DSA key q size.
10824 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10826 * lib/algorithms/secparams.c: corrected params for ULTRA level
10828 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10832 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10834 * tests/mini-record-2.c: Re-run receiving tests on server side, to
10835 allow any valgrind errors to propagate to exit code.
10837 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10839 * lib/fips.c: Perform an integrity check on all supporting libraries
10841 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10843 * src/certtool.c: In FIPS mode the default cipher is AES.
10845 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10847 * configure.ac: Do not link gnutls against librt unless it is
10850 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10852 * configure.ac: checks FIPS-140 lib requirements, moved after
10853 clock_gettime() is checked for.
10855 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10857 * lib/opencdk/armor.c: removed unused function
10859 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10861 * lib/opencdk/pubkey.c: removed unused variable
10863 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10865 * lib/crypto-selftests-pk.c, tests/mini-xssl.c,
10866 tests/pkcs12_simple.c: Skip tests that require the non-suiteb
10869 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10871 * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h:
10872 _gnutls_privkey_decode_ecc_key() returns integers as error code to
10873 distinguish error conditions.
10875 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10877 * configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
10878 to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
10881 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10885 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10887 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
10888 lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
10889 lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
10890 lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
10891 tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
10892 parameter generator.
10894 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10896 * lib/nettle/rnd-fips.c: removed unneeded newlines
10898 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10900 * .gitignore: more files ignored
10902 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10904 * configure.ac, lib/nettle/Makefile.am,
10905 lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
10906 lib/nettle/int/drbg-aes.h, lib/nettle/{ => int}/gcm-camellia.c,
10907 lib/nettle/{ => int}/gcm-camellia.h, lib/nettle/rnd-fips.c: Added
10908 DRBG submitted to nettle in gnutls.
10910 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10912 * tests/mini-record-2.c: Added deflate compression tests with
10913 AES-GCM in order to be tested in FIPS mode.
10915 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10917 * lib/crypto-api.c: corrected comparison
10919 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10921 * lib/crypto-api.c: Allow MD5 hash in zombie mode
10923 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10925 * lib/gnutls_errors.h: fixed bug
10927 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10929 * tests/Makefile.am: don't run openssl (md5) when in fips mode
10931 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10933 * lib/fips.c, tests/fips-test.c: separate zombie mode from
10934 operational fips mode
10936 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10938 * tests/fips-test.c: modified to account for zombie mode
10940 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10942 * lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
10945 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10947 * lib/x509/privkey_openssl.c: beautified table
10949 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10951 * NEWS: added new functions
10953 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10955 * lib/crypto-selftests-pk.c: eliminated memory leak on PK self
10958 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10960 * lib/gnutls_errors.c, lib/gnutls_global.c,
10961 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
10962 lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c:
10963 Added gnutls_global_init2(). This allows initializing gnutls in a
10964 constructor in FIPS140 mode
10966 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10968 * lib/fips.c: Added an audit message in self test failure
10970 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10972 * lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
10975 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10977 * lib/fips.c: binary integrity self test moved to end
10979 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10981 * lib/gnutls_errors.h: simplified debugging levels.
10983 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10985 * lib/x509_b64.c: silence some errors
10987 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10989 * lib/nettle/rnd-fips.c: updated
10991 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10993 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c:
10994 Better handling of FIPS140-2 initialization
10996 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10998 * lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
10999 lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows
11000 determining which curves are available.
11002 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
11004 * lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c:
11005 gnutls_key_generate() is restricted by the size of the initial RNG
11006 seed in FIPS140-2 mode.
11008 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
11010 * lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
11013 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
11015 * lib/nettle/pk.c: when using the rng() with a void option use the
11016 FIPS state to indicate errors.
11018 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
11020 * tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
11021 tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
11022 tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c:
11023 Restrict the number of tests run on FIPS140-2 mode.
11025 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
11027 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
11028 lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
11029 lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
11030 FIPS140-2 mode disable non-conformant ciphers, MAC and hash
11033 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
11035 * lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c:
11036 Use nettle for the generation of DH group parameters.
11038 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
11040 * lib/nettle/pk.c: no need to memset. It should have been
11043 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
11045 * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
11046 tests/cert-tests/ca-no-pathlen.pem,
11047 tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
11048 not involve the security level into the certificate comparisons.
11050 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
11052 * lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
11053 lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
11054 pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and
11057 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
11059 * lib/algorithms/secparams.c: restricted combinations of security
11060 parameters in FIPS mode.
11062 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
11064 * lib/nettle/rnd-fips.c: removed the initialized static variable.
11066 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
11068 * lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
11069 lib/nettle/rnd-fips.c: Corrected _rnd_get_event().
11071 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
11073 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
11074 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
11075 lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c:
11076 Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
11079 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11081 * tests/rng-fork.c: In rng_fork test all random generators.
11083 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11085 * lib/nettle/rnd-fips.c: comments updated to conform to the modified
11088 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11090 * lib/nettle/rnd-fips.c: removed external test functions
11092 2013-11-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11094 * .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
11095 lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
11096 lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
11097 libgcrypt's AES-based DRBG.
11099 2013-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
11101 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
11102 lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
11105 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11107 * lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
11108 lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
11111 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11113 * lib/x509/privkey_pkcs8.c: corrected typo
11115 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11117 * lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
11118 lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
11121 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11123 * lib/x509/privkey_openssl.c: more keys are zeroized
11125 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11127 * m4/hooks.m4: require libtasn1 3.4
11129 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11131 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
11132 lib/minitasn1/element.c, lib/minitasn1/element.h,
11133 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
11134 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
11135 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
11136 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
11137 lib/minitasn1/version.c: updated libtasn1 version
11139 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11141 * lib/nettle/pk.c: use the most appropriate nettle function
11143 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11145 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
11146 lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
11147 lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
11148 lib/x509/privkey_pkcs8.c: better naming for free_datum functions.
11150 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11152 * lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
11153 lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
11154 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
11155 buffers of private keys.
11157 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11159 * lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
11160 ECC secret scalars and points.
11162 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11164 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
11165 lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
11166 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
11167 lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
11168 lib/nettle/mac.c: Added zeroization of keys in several parts within
11171 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11173 * lib/gnutls_dh.c: doc update
11175 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11177 * lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
11180 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11182 * lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
11183 _gnutls_mpi_release()
11185 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11187 * NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
11188 lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
11189 lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
11190 tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
11191 and added a self test for it.
11193 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11195 * lib/fips.c, lib/fips.h: Added binary integrity test
11197 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11199 * configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
11200 lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
11201 lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
11202 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
11203 lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
11204 lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
11205 lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
11206 for fips states. This implies that when in FIPS mode and the library is not in
11207 operational state (i.e., all self checks succeeded), crypto
11208 functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
11210 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11212 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
11213 tests/slow/cipher-test.c: indented code
11215 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11219 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11221 * configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
11222 tests/slow/cipher-test.c: Self checks are conditionally included in
11225 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11227 * lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
11228 RSA, DSA and ECDSA.
11230 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11232 * lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
11233 specifying an explicit curve.
11235 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11237 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
11238 lib/libgnutls.map: Added gnutls_privkey_generate().
11240 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11242 * lib/Makefile.am, lib/crypto-selftests-pk.c,
11243 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
11244 tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
11247 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11249 * lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
11250 tests/slow/cipher-test.c: Added option to run all available self
11251 tests per category in a single run.
11253 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11255 * lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
11256 self-tests by adding digest and MAC tests.
11258 2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
11260 * lib/Makefile.am, lib/crypto-selftests.c,
11261 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
11262 tests/slow/cipher-test.c: Added self tests
11264 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
11266 * configure.ac: check for alternative unbound root key files.
11268 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11270 * lib/debug.c: increased buffers
11272 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11274 * lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
11275 lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
11276 lib/accelerated/x86/coff/padlock-x86-64-coff.s,
11277 lib/accelerated/x86/coff/padlock-x86-coff.s,
11278 lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
11279 lib/accelerated/x86/elf/appro-aes-x86-64.s,
11280 lib/accelerated/x86/elf/padlock-x86-64.s,
11281 lib/accelerated/x86/elf/padlock-x86.s,
11282 lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
11283 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
11284 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
11285 lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
11286 auto-generated asm files. This fixes a valgrind complaint when
11289 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11291 * devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
11292 devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
11293 devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
11294 devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
11295 devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
11296 devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
11297 devel/perlasm/x86nasm.pl: updated perlasm files
11299 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
11301 * configure.ac, lib/Makefile.am: Do not link gnutls against librt
11302 unless it is really necessary. Conflicts: configure.ac lib/Makefile.am
11304 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11306 * lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites
11308 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11310 * .gitignore: more files to ignore
11312 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11314 * configure.ac: updated e-mail address
11316 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11318 * doc/manpages/Makefile.am: use $shell()
11320 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11322 * Makefile.am, src/args-std.def: handle centrally more variables
11324 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11326 * configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
11327 manpage generation (and information stored to it).
11329 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11331 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11332 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11333 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11334 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
11335 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
11336 auto-generated doc files.
11338 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11340 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11341 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
11342 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
11343 doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c:
11344 certtool's --verify option if not supplied with a CA list, will use
11345 the system's CA list.
11347 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11349 * lib/includes/gnutls/x509.h: cast the expiration time to time_t
11351 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11353 * lib/x509/x509_write.c: doc update
11355 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11357 * lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
11358 for the 'no well defined' expiration time.
11360 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11362 * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
11363 gl/{tests => }/strerror-override.c, gl/{tests =>
11364 }/strerror-override.h, gl/{tests => }/strerror.c,
11365 gl/tests/Makefile.am: Added strerror module.
11367 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11369 * lib/nettle/egd.c: better use of errno
11371 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11373 * doc/latex/epub.tex, doc/latex/gnutls.tex,
11374 doc/scripts/mytexi2latex: use eurosym package for euro symbol
11376 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11378 * configure.ac: Corrected check of usage of local libopts when
11379 autogen isn't present
11381 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11383 * tests/cert-tests/Makefile.am,
11384 tests/cert-tests/template-dn-err.tmpl,
11385 tests/cert-tests/template-test: Verify failure of DN parsing in a
11388 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11390 * lib/gnutls_compress.c: disallow any compression in DTLS
11392 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11394 * tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
11395 mini-deflate was combined with mini-record-2
11397 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11399 * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
11400 lib/gnutls_record.h: Corrected bug which affected compressed
11401 records. Less space was provided for decryption than required, causing
11402 disconnection issues when compression was used. The issue was
11403 pointed out by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
11404 max_decrypted_size() and max_record_recv_size().
11406 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11408 * lib/ext/session_ticket.c: check return code of gnutls_rnd().
11410 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11412 * lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
11415 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11417 * cross.mk: updated cross.mk
11419 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11421 * lib/system.c: fixed for win32
11423 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11425 * lib/gnutls_buffers.c: added assert to trace errors.
11427 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11429 * cross.mk: updated
11431 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11433 * src/Makefile.am: link all programs with libgnu_gpl to avoid
11434 conflicts from header files.
11436 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11438 * src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
11439 src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
11440 Added progname module which is used by error().
11442 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11444 * src/socket.c: safer usage of strerror
11446 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11448 * doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
11450 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11452 * src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
11455 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11457 * src/Makefile.am: corrected libopts patch
11459 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11461 * src/gl/error.c: removed unneeded line
11463 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11465 * .gitignore: ignore xssl manpages
11467 2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11469 * lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
11472 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11474 * Makefile.am: generate ChangeLog after doc/ is checked.
11476 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11478 * doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
11480 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11482 * doc/scripts/getfuncs.pl: made more clever to ignore inline
11485 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11487 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11488 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11489 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11490 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
11491 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
11492 auto-generated files
11494 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11496 * doc/cha-gtls-app.texi: doc update
11498 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11500 * lib/libgnutls.map: exported gnutls_est_record_overhead_size
11502 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11504 * lib/gnutls_global.c: do not add newline (it's already in the
11507 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11509 * lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
11510 function is not updated if it is already set.
11512 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11514 * doc/cha-gtls-app.texi: doc update
11516 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11520 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11522 * configure.ac: bumped version
11524 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11526 * cfg.mk: updated glimport
11528 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11530 * cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11531 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
11532 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
11533 doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
11535 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11537 * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
11538 tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
11539 Added self checks for new date reading functionality
11541 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11543 * .gitignore, src/Makefile.am, src/certtool-args.def,
11544 src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
11545 activation_date and expiration_date options to certtool template
11548 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11550 * .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
11551 src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
11552 src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
11553 src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
11554 src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
11555 src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
11556 src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
11557 src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
11558 src/gl/m4/error.m4, src/gl/m4/extensions.m4,
11559 src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
11560 src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
11561 src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
11562 src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
11563 src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
11564 src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
11565 src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
11566 src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
11567 src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
11568 src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
11569 src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
11570 src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
11571 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
11572 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
11573 src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
11574 src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
11575 src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
11576 src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
11577 src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
11578 src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
11579 src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
11580 src/gl/strerror-override.c, src/gl/strerror-override.h,
11581 src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
11582 src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
11583 src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
11584 src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
11585 src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
11586 src/gl/xmalloc.c: Added a gnulib with GPL components for use by
11589 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11591 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11592 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11593 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11594 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
11595 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
11596 corrected bug reporting address.
11598 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11600 * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
11601 for overflows when setting time and allow a time of -1.
11603 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11605 * lib/x509/common.c, tests/cert-tests/Makefile.am,
11606 tests/cert-tests/template-overflow.pem,
11607 tests/cert-tests/template-overflow.tmpl,
11608 tests/cert-tests/template-overflow2.pem,
11609 tests/cert-tests/template-overflow2.tmpl,
11610 tests/cert-tests/template-test: Dates and time that would overflow
11611 the GeneralTime are also truncated. We may need to revise that
11614 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11616 * doc/Makefile.am, doc/invoke-certtool.texi,
11617 doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
11618 doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
11619 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
11620 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
11621 doc/invoke-tpmtool.texi: force serialized generation of
11622 invoke-*texi, to avoid autogen issue.
11624 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11626 * lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
11627 (time_t)-1 will be set to the no well-defined expiration date value.
11629 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11631 * lib/gnutls_handshake.c: correctly set the ciphersuite when the
11632 set_premaster interface is used.
11634 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11636 * lib/gnutls_state.c: check for a valid blocksize prior to entering
11639 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11641 * lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
11642 if set to a number will enable logging to stderr.
11644 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11646 * tests/suite/testcompat, tests/suite/testcompat-main: corrected
11647 issue with a not-yet-valid certificate
11649 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11651 * src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
11654 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11656 * src/serv.c: simplified function
11658 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11660 * tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
11661 with fedora's openssl
11663 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11665 * configure.ac: print whether the local libopts or libtasn1 are
11668 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11670 * gl/Makefile.am, gl/base64.c, gl/{tests => }/intprops.h,
11671 gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
11672 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, maint.mk: Added intprops
11673 module (which is needed by newer libtasn1 versions)
11675 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11677 * lib/gnutls_int.h: use the bool expression instead of unsigned
11680 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
11682 * lib/gnutls_global.c: doc update
11684 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11686 * lib/system.h: define GNUTLS_PATH_MAX globally.
11688 2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11690 * lib/gnutls_x509.c: doc update
11692 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11694 * tests/suite/testcompat: do not run on crippled versions of openssl
11696 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11698 * lib/x509/common.c, lib/x509/extensions.c: simplified functions.
11700 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11702 * tests/suite/ciphersuite/test-ciphers.js,
11703 tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
11706 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11708 * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
11709 lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
11710 lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
11713 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11715 * tests/utils.c: always exit when fail is called.
11717 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11719 * configure.ac: reduced the stack size warning size.
11721 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11723 * doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
11725 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11729 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11731 * NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
11732 lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
11733 lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
11734 string option. This works around issues when connecting behind some firewalls.
11736 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11738 * tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
11741 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11743 * doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
11745 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11747 * NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
11748 of GNUTLS_PKCS11_PIN.
11750 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11754 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11756 * doc/invoke-p11tool.texi: doc update
11758 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11760 * tests/suite/pkcs11-certs/ca-tmpl,
11761 tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
11762 tests/suite/pkcs11-certs/client-tmpl,
11763 tests/suite/pkcs11-certs/client.crt,
11764 tests/suite/pkcs11-certs/client.key,
11765 tests/suite/pkcs11-certs/server-tmpl,
11766 tests/suite/pkcs11-certs/server.crt,
11767 tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
11768 test suite for PKCS #11 cards (not executed automatically).
11770 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11772 * lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
11773 self-signed certificates present in the chain
11775 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11777 * configure.ac: simplified checks
11779 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11781 * src/common.c, src/p11tool-args.def: Allow getting the PIN from the
11782 GNUTLS_PKCS11_PIN environment variable.
11784 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11786 * doc/TODO: updated
11788 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11792 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11794 * lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
11795 import the whole chain. This affects gnutls_certificate_set_x509_key_file*().
11797 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11799 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
11800 Added export-chain option to p11tool
11802 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11804 * lib/Makefile.am, lib/gnutls_pubkey.c,
11805 lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
11806 lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
11807 lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
11808 The latter function allows obtaining the issuer of a certificate
11809 stored in a token. While traversing tokens, use the URL provided by the user, to avoid
11810 looking for objects in unrelated tokens.
11812 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11814 * configure.ac: test before copy
11816 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11818 * lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()
11820 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11822 * doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
11823 lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
11824 function prototypes to account for the new indentation.
11826 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11828 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11829 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11830 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11831 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
11832 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
11833 doc/manpages/tpmtool.1: doc update
11835 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11837 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
11838 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
11839 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
11840 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
11841 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
11842 lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
11843 indentation in headers.
11845 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11847 * Makefile.am, configure.ac: distribute the autogen'erated files as
11848 .bak and enable them only if local libopts is being used.
11850 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11852 * doc/alert-printlist.c, doc/common.c, doc/common.h,
11853 doc/errcodes.c, doc/examples/ex-alert.c,
11854 doc/examples/ex-cert-select-pkcs11.c,
11855 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
11856 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
11857 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
11858 doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
11859 doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
11860 doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
11861 doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
11862 doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
11863 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
11864 doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
11865 doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
11866 doc/examples/ex-x509-info.c, doc/examples/examples.h,
11867 doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
11868 doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
11869 extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
11870 extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
11871 lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
11872 lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
11873 lib/accelerated/x86/aes-gcm-padlock.c,
11874 lib/accelerated/x86/aes-gcm-x86.c,
11875 lib/accelerated/x86/aes-padlock.c,
11876 lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
11877 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
11878 lib/accelerated/x86/sha-padlock.c,
11879 lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
11880 lib/algorithms.h, lib/algorithms/cert_types.c,
11881 lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
11882 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
11883 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
11884 lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
11885 lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
11886 lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
11887 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
11888 lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
11889 lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
11890 lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
11891 lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
11892 lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
11893 lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
11894 lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
11895 lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
11896 lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
11897 lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
11898 lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
11899 lib/ext/server_name.h, lib/ext/session_ticket.c,
11900 lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
11901 lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
11902 lib/ext/status_request.c, lib/ext/status_request.h,
11903 lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
11904 lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
11905 lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
11906 lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
11907 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
11908 lib/gnutls_compress.c, lib/gnutls_compress.h,
11909 lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
11910 lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
11911 lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
11912 lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
11913 lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
11914 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
11915 lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
11916 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
11917 lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
11918 lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
11919 lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
11920 lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
11921 lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
11922 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
11923 lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
11924 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
11925 lib/gnutls_rsa_export.c, lib/gnutls_session.c,
11926 lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
11927 lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
11928 lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
11929 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
11930 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
11931 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
11932 lib/gnutls_x509.c, lib/gnutls_x509.h,
11933 lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
11934 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
11935 lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
11936 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
11937 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
11938 lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
11939 lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
11940 lib/minitasn1/element.c, lib/minitasn1/element.h,
11941 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
11942 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
11943 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
11944 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
11945 lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
11946 lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
11947 lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
11948 lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
11949 lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
11950 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
11951 lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
11952 lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
11953 lib/opencdk/packet.h, lib/opencdk/pubkey.c,
11954 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
11955 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
11956 lib/opencdk/stream.h, lib/opencdk/types.h,
11957 lib/opencdk/write-packet.c, lib/openpgp/compat.c,
11958 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
11959 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
11960 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
11961 lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
11962 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
11963 lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
11964 lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
11965 lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
11966 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
11967 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
11968 lib/x509/extensions.c, lib/x509/key_decode.c,
11969 lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
11970 lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
11971 lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
11972 lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
11973 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
11974 lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
11975 lib/x509/verify-high.c, lib/x509/verify-high.h,
11976 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
11977 lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
11978 lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
11979 lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
11980 libdane/errors.c, libdane/includes/gnutls/dane.h,
11981 src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
11982 src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
11983 src/certtool-common.c, src/certtool-common.h,
11984 src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
11985 src/common.c, src/common.h, src/crywrap/crywrap.c,
11986 src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
11987 src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
11988 src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
11989 src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
11990 src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
11991 src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
11992 tests/certder.c, tests/certificate_set_x509_crl.c,
11993 tests/certuniqueid.c, tests/chainverify-unsorted.c,
11994 tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
11995 tests/cve-2008-4989.c, tests/cve-2009-1415.c,
11996 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
11997 tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
11998 tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
11999 tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
12000 tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
12001 tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
12002 tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
12003 tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
12004 tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
12005 tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
12006 tests/mini-overhead.c, tests/mini-record-2.c,
12007 tests/mini-record-range.c, tests/mini-record.c,
12008 tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
12009 tests/mini-termination.c, tests/mini-x509-2.c,
12010 tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
12011 tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
12012 tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
12013 tests/openpgp-auth2.c, tests/openpgp-keyring.c,
12014 tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
12015 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
12016 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
12017 tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
12018 tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
12019 tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
12020 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
12021 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
12022 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
12023 tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
12024 tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
12025 tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
12026 tests/suite/ecore/src/include/Eina.h,
12027 tests/suite/ecore/src/include/eina_accessor.h,
12028 tests/suite/ecore/src/include/eina_array.h,
12029 tests/suite/ecore/src/include/eina_benchmark.h,
12030 tests/suite/ecore/src/include/eina_binshare.h,
12031 tests/suite/ecore/src/include/eina_config.h,
12032 tests/suite/ecore/src/include/eina_convert.h,
12033 tests/suite/ecore/src/include/eina_counter.h,
12034 tests/suite/ecore/src/include/eina_cpu.h,
12035 tests/suite/ecore/src/include/eina_error.h,
12036 tests/suite/ecore/src/include/eina_file.h,
12037 tests/suite/ecore/src/include/eina_fp.h,
12038 tests/suite/ecore/src/include/eina_hamster.h,
12039 tests/suite/ecore/src/include/eina_hash.h,
12040 tests/suite/ecore/src/include/eina_inlist.h,
12041 tests/suite/ecore/src/include/eina_iterator.h,
12042 tests/suite/ecore/src/include/eina_lalloc.h,
12043 tests/suite/ecore/src/include/eina_list.h,
12044 tests/suite/ecore/src/include/eina_log.h,
12045 tests/suite/ecore/src/include/eina_magic.h,
12046 tests/suite/ecore/src/include/eina_main.h,
12047 tests/suite/ecore/src/include/eina_matrixsparse.h,
12048 tests/suite/ecore/src/include/eina_mempool.h,
12049 tests/suite/ecore/src/include/eina_module.h,
12050 tests/suite/ecore/src/include/eina_quadtree.h,
12051 tests/suite/ecore/src/include/eina_rbtree.h,
12052 tests/suite/ecore/src/include/eina_rectangle.h,
12053 tests/suite/ecore/src/include/eina_safety_checks.h,
12054 tests/suite/ecore/src/include/eina_sched.h,
12055 tests/suite/ecore/src/include/eina_str.h,
12056 tests/suite/ecore/src/include/eina_strbuf.h,
12057 tests/suite/ecore/src/include/eina_stringshare.h,
12058 tests/suite/ecore/src/include/eina_tiler.h,
12059 tests/suite/ecore/src/include/eina_trash.h,
12060 tests/suite/ecore/src/include/eina_types.h,
12061 tests/suite/ecore/src/include/eina_unicode.h,
12062 tests/suite/ecore/src/include/eina_ustrbuf.h,
12063 tests/suite/ecore/src/include/eina_ustringshare.h,
12064 tests/suite/ecore/src/lib/Ecore.h,
12065 tests/suite/ecore/src/lib/Ecore_Getopt.h,
12066 tests/suite/ecore/src/lib/ecore.c,
12067 tests/suite/ecore/src/lib/ecore_anim.c,
12068 tests/suite/ecore/src/lib/ecore_app.c,
12069 tests/suite/ecore/src/lib/ecore_events.c,
12070 tests/suite/ecore/src/lib/ecore_exe.c,
12071 tests/suite/ecore/src/lib/ecore_getopt.c,
12072 tests/suite/ecore/src/lib/ecore_glib.c,
12073 tests/suite/ecore/src/lib/ecore_idle_enterer.c,
12074 tests/suite/ecore/src/lib/ecore_idle_exiter.c,
12075 tests/suite/ecore/src/lib/ecore_idler.c,
12076 tests/suite/ecore/src/lib/ecore_job.c,
12077 tests/suite/ecore/src/lib/ecore_main.c,
12078 tests/suite/ecore/src/lib/ecore_pipe.c,
12079 tests/suite/ecore/src/lib/ecore_poll.c,
12080 tests/suite/ecore/src/lib/ecore_private.h,
12081 tests/suite/ecore/src/lib/ecore_signal.c,
12082 tests/suite/ecore/src/lib/ecore_thread.c,
12083 tests/suite/ecore/src/lib/ecore_time.c,
12084 tests/suite/ecore/src/lib/ecore_timer.c,
12085 tests/suite/ecore/src/lib/eina_accessor.c,
12086 tests/suite/ecore/src/lib/eina_array.c,
12087 tests/suite/ecore/src/lib/eina_benchmark.c,
12088 tests/suite/ecore/src/lib/eina_binshare.c,
12089 tests/suite/ecore/src/lib/eina_chained_mempool.c,
12090 tests/suite/ecore/src/lib/eina_convert.c,
12091 tests/suite/ecore/src/lib/eina_counter.c,
12092 tests/suite/ecore/src/lib/eina_cpu.c,
12093 tests/suite/ecore/src/lib/eina_error.c,
12094 tests/suite/ecore/src/lib/eina_file.c,
12095 tests/suite/ecore/src/lib/eina_fp.c,
12096 tests/suite/ecore/src/lib/eina_hamster.c,
12097 tests/suite/ecore/src/lib/eina_hash.c,
12098 tests/suite/ecore/src/lib/eina_inlist.c,
12099 tests/suite/ecore/src/lib/eina_iterator.c,
12100 tests/suite/ecore/src/lib/eina_lalloc.c,
12101 tests/suite/ecore/src/lib/eina_list.c,
12102 tests/suite/ecore/src/lib/eina_log.c,
12103 tests/suite/ecore/src/lib/eina_magic.c,
12104 tests/suite/ecore/src/lib/eina_main.c,
12105 tests/suite/ecore/src/lib/eina_matrixsparse.c,
12106 tests/suite/ecore/src/lib/eina_mempool.c,
12107 tests/suite/ecore/src/lib/eina_module.c,
12108 tests/suite/ecore/src/lib/eina_private.h,
12109 tests/suite/ecore/src/lib/eina_quadtree.c,
12110 tests/suite/ecore/src/lib/eina_rbtree.c,
12111 tests/suite/ecore/src/lib/eina_rectangle.c,
12112 tests/suite/ecore/src/lib/eina_safety_checks.c,
12113 tests/suite/ecore/src/lib/eina_sched.c,
12114 tests/suite/ecore/src/lib/eina_share_common.c,
12115 tests/suite/ecore/src/lib/eina_share_common.h,
12116 tests/suite/ecore/src/lib/eina_str.c,
12117 tests/suite/ecore/src/lib/eina_strbuf.c,
12118 tests/suite/ecore/src/lib/eina_strbuf_common.c,
12119 tests/suite/ecore/src/lib/eina_strbuf_common.h,
12120 tests/suite/ecore/src/lib/eina_stringshare.c,
12121 tests/suite/ecore/src/lib/eina_tiler.c,
12122 tests/suite/ecore/src/lib/eina_unicode.c,
12123 tests/suite/ecore/src/lib/eina_ustrbuf.c,
12124 tests/suite/ecore/src/lib/eina_ustringshare.c,
12125 tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
12126 tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
12127 tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
12128 tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c:
12131 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
12133 * lib/pkcs11.c: doc update
12135 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
12137 * lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
12138 gnutls_x509_privkey_generate() allow specifying an explicit curve.
12140 2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12142 * src/certtool-args.def, src/certtool-common.c,
12143 src/certtool-common.h, src/certtool.c: enable --outder for certtool
12144 --dh-info "certtool --dh-info --outder" produces PEM-encoded output without
12147 2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12149 * src/certtool-args.def, src/certtool-common.c: enable --inder for
12150 certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters
12151 without this patch.
12153 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12157 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12159 * doc/manpages/tpmtool.1: doc update
12161 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12163 * lib/gnutls_errors.c: doc update
12165 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12167 * configure.ac: use srcdir as prefix
12169 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12171 * configure.ac: removed unneeded command
12173 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12175 * configure.ac: print the flags used for libopts
12177 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12179 * configure.ac: delete libopts generated files if system libopts is
12182 2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
12184 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
12185 lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h:
12186 separated the TLS IV size and the cipher IV size.
12188 2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
12190 * configure.ac, src/libopts/Makefile.am: fixes in libopts
12193 2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12195 * Makefile.am: make sure that .def files will be re-read on the
12198 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12200 * src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
12201 src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
12202 src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
12203 src/libopts/compat/strchr.c, src/libopts/configfile.c,
12204 src/libopts/genshell.c, src/libopts/genshell.h,
12205 src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
12206 src/libopts/option-value-type.h,
12207 src/libopts/option-xat-attribute.c,
12208 src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
12209 src/libopts/proto.h, src/libopts/streqvcmp.c,
12210 src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
12213 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12215 * src/certtool-cfg.c: better logging
12217 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12219 * lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
12222 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12224 * lib/x509/x509_dn.c: removed debugging info
12226 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12228 * lib/gnutls_priority.c: do not set any default level
12230 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12232 * lib/gnutls_priority.c: Assign very weak level to priority string
12235 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12237 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
12238 doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
12239 doc/invoke-srptool.texi: doc update
12241 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12243 * .gitignore: ignore auto-generated files
12245 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12247 * src/libopts/Makefile.am, src/libopts/ag-char-map.h,
12248 src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
12249 src/libopts/autoopts.c, src/libopts/autoopts.h,
12250 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
12251 src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
12252 src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
12253 src/libopts/genshell.c, src/libopts/genshell.h,
12254 src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
12255 src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
12256 src/libopts/option-value-type.c, src/libopts/option-value-type.h,
12257 src/libopts/option-xat-attribute.c,
12258 src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
12259 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
12260 src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
12261 src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18
12263 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12265 * src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
12266 src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
12267 src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
12268 src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
12269 src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
12270 src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
12271 src/tpmtool-args.h: removed autogenerated files
12273 2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12275 * configure.ac, src/Makefile.am: If autogen and libopts are present
12276 then use the system's libopts.
12278 2013-11-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12280 * src/args-std.def, src/certtool-args.def, src/cli-args.def,
12281 src/danetool-args.def, src/psk-args.def, src/srptool-args.def:
12282 argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered
12283 documentation places two dots (for example "specify a password
12284 file.." in srptool(1)). Most of the descriptions are declared properly (without a trailing
12285 dot), but this patch should clean up the rest. After this commit, any auto-generated documentation that is
12286 committed to git will probably also need to be refreshed (or
12287 removed from git entirely and generated from the definitions during
12288 build, which might be cleaner).
12290 2013-11-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12292 * src/tests.c: fix DHE parameter output for gnutls-cli-debug
12293 --verbose gnutls_handshake() was failing during test_dhe_group, with an error
12294 of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the
12295 handshake so that DHE group details can be printed when requested. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12297 2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12299 * src/benchmark-tls.c, tests/mini-deflate.c,
12300 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
12301 tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
12302 tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
12305 2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12307 * lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
12308 a warning as it is the same as not setting it. Reported by Daniel
12311 2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12315 2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12317 * src/certtool.c: Do not print private key parameters when exporting
12318 an encrypted private key.
12320 2013-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12322 * src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.
12324 2013-05-21 Stef Walter <stefw@redhat.com>
12326 * configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs Some of the older APIs were deprecated in order to support multiple
12327 callers of the same PKCS#11 module correctly. This increases the necessary p11-kit to 0.19.1 or later.
12329 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12331 * cross.mk: updated win32 makefile
12333 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12335 * tests/cert-tests/pem-decoding: win32 fix
12337 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12339 * src/pkcs11.c: include proper header file for uint8_t
12341 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12343 * NEWS: released 3.2.6
12345 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12347 * doc/invoke-certtool.texi, src/certtool-args.c,
12348 src/certtool-args.def, src/certtool-args.h: corrected example
12350 2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12352 * lib/gnutls_record.c: debug_log -> record_log
12354 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12356 * lib/gnutls_record.c: Duplicate messages moved from audit log to
12357 debug log. There are networks where this is extremely common.
12359 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12361 * doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
12363 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12365 * doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
12366 doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
12367 doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi:
12368 replaced ':' in anchor names (texinfo doesn't like it).
12370 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12372 * doc/cha-upgrade.texi: doc update
12374 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12376 * lib/pkcs11_write.c: simplified code
12378 2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12380 * NEWS, configure.ac, m4/hooks.m4: bumped version
12382 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12384 * build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
12385 gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
12386 gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
12387 gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
12388 gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
12389 gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
12390 gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
12391 gl/tests/macros.h, gl/tests/strerror-override.h,
12392 gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
12393 gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
12394 gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.
12396 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12398 * libdane/dane.c: Removed unused parameter.
12400 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12402 * tests/suite/testdane: Better DANE test output.
12404 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12406 * libdane/dane.c: reindented code
12408 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12410 * libdane/dane.c: Reorganized main loop in dane_raw_tlsa
12412 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12414 * src/danetool.c: Added proper newlines to errors.
12416 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12418 * doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update
12420 2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12422 * lib/accelerated/cryptodev.c: corrected typo
12424 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12426 * .gitignore, tests/suite/Makefile.am,
12427 tests/suite/ciphersuite/README,
12428 tests/suite/ciphersuite/registry-ciphers.js,
12429 tests/suite/ciphersuite/registry-ciphers.xslt,
12430 tests/suite/ciphersuite/scan-gnutls.sh,
12431 tests/suite/ciphersuite/test-ciphers.js,
12432 tests/suite/ciphersuite/test-ciphersuites.sh,
12433 tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test
12435 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12437 * tests/mini-handshake-timeout.c: Added a proper termination of
12438 session to avoid issues with premature termination.
12440 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12442 * configure.ac, tests/dtls/Makefile.am: we now explicitly check for
12445 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12447 * tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
12448 tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
12449 tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
12450 tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
12451 tests/pkcs8-decode/Makefile.am,
12452 tests/rsa-md5-collision/Makefile.am,
12453 tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
12454 tests/slow/Makefile.am, tests/srp/Makefile.am,
12455 tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
12456 environment in all tests
12458 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12460 * tests/cert-tests/pem-decoding: removed unneeded diff option
12462 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12464 * tests/cert-tests/aki, tests/cert-tests/dane,
12465 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
12466 a parameter allowing to override it.
12468 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12470 * tests/Makefile.am: LC_ALL is set to C to have predictable outputs
12473 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12475 * tests/mini-handshake-timeout.c: simplified test
12477 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12479 * NEWS: updated doc
12481 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12483 * lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
12486 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12488 * doc/invoke-p11tool.texi: p11tool text updated.
12490 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12492 * doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
12493 doc/examples/print-ciphersuites.c: removed warnings
12495 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12497 * src/cli.c: removed warnings
12499 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12501 * NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
12502 via trousers is now enabled by default.
12504 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12508 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12510 * src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
12511 src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
12512 --generate-random to p11tool.
12514 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12516 * lib/algorithms/publickey.c, lib/algorithms/sign.c,
12517 lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.
12519 2013-10-24 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
12521 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
12522 lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
12523 tokens Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
12525 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12527 * lib/algorithms/publickey.c: Added new fallback OID for RSA
12530 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12532 * lib/algorithms/ciphersuites.c: Corrected number in
12533 GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
12534 this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
12535 by another ciphersuite in the same document.
12537 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12539 * lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
12542 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12546 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12548 * lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
12549 were renamed to ARCFOUR_128
12551 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12553 * NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
12554 GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
12555 GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.
12557 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12559 * NEWS: updated doc
12561 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12563 * lib/algorithms/secparams.c: Increased minimum acceptable DH key to
12566 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12568 * tests/priorities.c: updated priorities for new ciphersuites
12570 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12572 * cross.mk: updated
12574 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12578 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12580 * lib/algorithms/ciphersuites.c: Added ciphersuite
12581 GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384
12583 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12585 * tests/chainverify.c: Applied small patch by Jeremie
12586 Courreges-Anglas to avoid usage of error().
12588 2013-10-24 Alon Bar-Lev <alon.barlev@gmail.com>
12590 * src/cli.c: cli: add missing stdbool.h Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
12591 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12593 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12595 * lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
12596 or better to TLS1.0 or later.
12598 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12600 * lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
12601 the default priority levels, and prioritized GCM over CBC
12604 2013-10-23 Christian Grothoff <christian@grothoff.org>
12606 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
12607 DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
12608 entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized
12609 from a source other than libunbound/DNS, as then the DNSSEC root key
12610 would not be used anyway. Worse, if we failed to read the DNSSEC
12611 root key, this would create a failure even though for applications
12612 that do not use DNSSEC (but do use DANE/TLSA) such a failure would
12613 be totally harmless.
12615 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12617 * NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
12618 doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
12619 src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
12620 changes prior to release
12622 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12624 * tests/priorities.c: corrected ciphersuite numbers in priorities
12626 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12628 * libdane/dane.c: corrected libdane doc
12630 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12632 * lib/includes/gnutls/gnutls.h.in: Added description for umac
12634 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12636 * m4/hooks.m4: bumped version
12638 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12640 * lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
12641 lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.
12643 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12647 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12649 * lib/algorithms/ciphersuites.c: rearrangement
12651 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12653 * lib/algorithms/ciphersuites.c: Removed the _WITH_ from
12654 ciphersuites names.
12656 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12658 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
12659 lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
12660 lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
12661 lib/nettle/gcm-camellia.h: Added Camellia with GCM
12663 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12665 * lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
12666 ciphersuites from RFC6367.
12668 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12670 * lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
12671 ciphersuites from RFC6367.
12673 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12675 * lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
12676 RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
12677 GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
12678 GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
12679 GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
12680 GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
12681 GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
12682 GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
12683 GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.
12685 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12687 * lib/algorithms/ciphersuites.c: Added more ciphersuites from
12688 RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
12689 GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
12690 GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
12691 GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
12692 GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
12693 GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
12694 GNUTLS_RSA_PSK_NULL_SHA384.
12696 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12698 * lib/algorithms/ciphersuites.c: Added new ciphersuites from
12699 RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384,
12700 GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
12701 and GNUTLS_DH_ANON_AES_256_GCM_SHA384.
12703 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12707 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12709 * src/certtool-cfg.c: corrected type of path_len
12711 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12713 * libdane/libdane.map: exported symbols
12715 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12717 * NEWS, libdane/dane.c: small fixes
12719 2013-10-21 Christian Grothoff <christian@grothoff.org>
12721 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
12722 dane_verify_crt_raw to allow direct verification of a certificate
12723 chain against a dane_query_t (for example, as provided by the new
12724 dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12726 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12728 * m4/hooks.m4: bumped dane library version
12730 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12734 2013-10-21 Christian Grothoff <christian@grothoff.org>
12736 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
12737 dane_raw_tlsa to allow initialization of dane_query_t from DANE
12738 records based on external DNS resolutions. Also fixing a buffer
12739 overflow. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12741 2013-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12743 * lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
12744 po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
12745 po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
12746 tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
12747 tests/cert-tests/ca-no-pathlen.pem,
12748 tests/cert-tests/complex-cert.pem,
12749 tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c:
12750 Normalize capitalization from "Public Key Id" to "Public Key ID" The GnuTLS codebase produced the string "Public Key Id" in some
12751 places (e.g. in the output of "certtool -i"), and "Public Key ID" in
12752 other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output
12753 consistent across uses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12755 2013-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12757 * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
12758 gnutls_certificate_get_crt_raw() to return the raw certificate as
12759 present in the credentials structure.
12761 2013-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12763 * doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
12766 2013-10-09 Ludovic Courtès <ludo@gnu.org>
12768 * guile/modules/gnutls/build/priorities.scm, guile/src/core.c:
12769 guile: Fix possible stack overflows.
12771 2013-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12773 * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
12774 src/srptool.c: Corrected possible buffer overruns in included
12775 programs and examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
12778 2013-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12780 * NEWS: corrected typo
12782 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12786 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12788 * doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h:
12789 autogen'ed files update
12791 2013-10-04 Attila Molnar <attilamolnar@hush.com>
12793 * src/srptool.c: Fix srptool issues From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00
12794 2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
12795 2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when
12796 an invalid group parameter index is given If no group with the given index was found in the password conf file
12797 srptool crashed instead of reporting the error because the return
12798 value of fgets() wasn't validated before it was passed to atoi(). Signed-off-by: Attila Molnar <attilamolnar@hush.com>
12800 2013-10-04 Attila Molnar <attilamolnar@hush.com>
12802 * src/srptool-args.def, src/srptool.c: Fix srptool issues From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00
12803 2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
12804 2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to
12805 add users to tpasswd and broken -i switch Signed-off-by: Attila Molnar <attilamolnar@hush.com>
12807 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12809 * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
12810 src/cli-args.h: doc update
12812 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12816 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12818 * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h:
12819 autogen'ed files update
12821 2013-10-03 Raj Raman <rajramanca@gmail.com>
12823 * src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
12824 command infrastructure in gnutls-cli Signed-off-by: Raj Raman <rajramanca@gmail.com>
12826 2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12828 * tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
12831 2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12833 * configure.ac, m4/hooks.m4: bumped version
12835 2013-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12837 * lib/tpm.c: include config.h in tpm.c
12839 2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12841 * doc/TODO: updated
12843 2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12845 * po/it.po.in: Sync with TP.
12847 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12851 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12853 * lib/algorithms/secparams.c: define subgroup bits for the weak and
12854 export parameters, to allow DH group generation.
12856 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12858 * doc/cha-gtls-app.texi: document the version macros
12860 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12862 * doc/cha-tokens.texi: doc update
12864 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12866 * src/tests.c: verbose is everywhere unsigned
12868 2013-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12872 2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12874 * lib/x509/verify-high.c: removed limitation as this has been
12877 2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12879 * doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update
12881 2013-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12883 * doc/TODO: doc update
12885 2013-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12887 * lib/gnutls_cipher.c: doc update
12889 2013-09-15 Ludovic Courtès <ludo@gnu.org>
12891 * guile/src/Makefile.am: guile: Use intermediary files when
12894 2013-09-15 Ludovic Courtès <ludo@gnu.org>
12896 * guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler <ametzler@bebt.de>.
12898 2013-09-10 Tobias Polzer <tobias.polzer@fau.de>
12900 * lib/gnutls_srp.c: Fixed a typo in the documentation Fixed a typo in the documentation for
12901 gnutls_srp_set_server_credentials_function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12903 2013-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12905 * src/Makefile.am: libopts is linked prior to libgnu to solve issue
12906 in win32. Initial patch by Tomasz Gajewski.
12908 2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12910 * tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
12911 and gnutls_handshake_get_last_out() for correctness.
12913 2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12915 * src/tests.c: Ignore non-fatal handshake alerts.
12917 2013-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12919 * tests/suite/mini-record-timing.c: silence warning about return
12922 2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12924 * lib/gnutls_cipher_int.c: updates in record packet encoding.
12926 2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12928 * tests/mini-record-2.c: Test the null cipher as well.
12930 2013-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12932 * lib/gnutls_cipher.c: added comments
12934 2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12936 * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
12937 gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
12938 gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
12939 Revert "updated gnulib" This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.
12941 2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12943 * src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
12944 src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
12945 src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
12948 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12950 * tests/record-sizes.c: record-sizes can only work properly with a
12953 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12955 * lib/gnutls_int.h: corrected max_user_send_size() for DTLS.
12957 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12959 * tests/mini-record-2.c: test for excessive records being correctly
12962 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12964 * lib/gnutls_cipher.c, lib/gnutls_cipher.h,
12965 lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
12966 lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
12967 accepts the actual pad rather than the intended data. Corrections in
12968 sending records with %NEW_PADDING.
12970 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12972 * .gitignore: more files to ignore
12974 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12976 * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
12977 gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
12978 gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
12981 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12983 * tests/suite/testdane: removed dane.nox.su from the good list
12985 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12987 * lib/gnutls_global.c: explicitly initialize the log functions
12989 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12991 * tests/Makefile.am, tests/mini-record-2.c: Added test to send
12992 variable packet sizes.
12994 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12996 * lib/gnutls_priority.c: doc update
12998 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13000 * lib/gnutls_cipher.c: simplified pad calculation
13002 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13004 * doc/cha-shared-key.texi: mention RSA-PSK
13006 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13008 * lib/auth/rsa_psk.c: author update
13010 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13012 * lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c:
13013 Improvements in RSA-PSK.
13015 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13017 * NEWS, m4/hooks.m4: released 3.2.4
13019 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13021 * lib/auth/Makefile.am: added missing file
13023 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13025 * lib/auth/rsa_psk.c: indented code
13027 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13031 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13033 * tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
13034 RSA-PSK key exchange.
13036 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13038 * lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
13039 lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c:
13040 Optimizations in RSA-PSK by removing unneeded code.
13042 2013-06-29 Frank Morgner <morgner@informatik.hu-berlin.de>
13044 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
13045 lib/algorithms/kx.c, lib/algorithms/publickey.c,
13046 lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
13047 lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
13048 lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
13049 lib/gnutls_int.h, lib/gnutls_state.c,
13050 lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0 original patch can be found in
13051 e3c245b951530a92fc610a130faf167a37461073
13052 f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20
13054 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13056 * lib/gnutls_priority.c: arcfour is restored in the top of the
13057 performance priority.
13059 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13061 * tests/mini-cert-status.c: removed unused function
13063 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13065 * tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
13066 the correct operation of gnutls_certificate_server_set_request().
13068 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13072 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13074 * lib/gnutls_int.h: Corrected
13075 gnutls_certificate_server_set_request().
13077 2013-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13079 * po/vi.po.in: Sync with TP.
13081 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13085 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13087 * tests/resume.c: Try 3 resumption attempts and try also session db
13090 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13092 * lib/gnutls_handshake.c: only register current session when not
13095 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13097 * lib/gnutls_db.c: do not duplicate tests for null.
13099 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13101 * src/serv.c: remove ifdefs for session tickets
13103 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13107 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13109 * lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by
13112 2013-08-18 Stefan Bühler <stbuehler@web.de>
13114 * lib/algorithms/ciphersuites.c, tests/priorities.c: add some
13115 RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges
13117 2013-08-18 Stefan Bühler <stbuehler@web.de>
13119 * tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
13120 tests/mini-alpn.c, tests/mini-deflate.c,
13121 tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
13122 tests/mini-dtls-large.c, tests/mini-dtls-record.c,
13123 tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
13124 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
13125 tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
13126 tests/mini-loss-time.c, tests/mini-overhead.c,
13127 tests/mini-record-range.c, tests/mini-record.c,
13128 tests/mini-rehandshake.c, tests/mini-termination.c,
13129 tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
13130 tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
13131 tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
13132 tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
13133 tests/resume-dtls.c, tests/resume.c,
13134 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
13135 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
13136 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
13137 tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
13138 tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c:
13139 fix transport parameter casts in tests
13141 2013-08-24 Andreas Metzler <ametzler@downhill.at.eu.org>
13143 * tests/sha2/sha2: Clean up after test.
13145 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13147 * tests/cert-tests/pem-decoding: Corrected access of temp file.
13148 Reported by Thomas Witt.
13150 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13152 * doc/cha-gtls-app.texi: No longer recommend the use of RC4
13154 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13156 * lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
13157 lib/gnutls_priority.c: AES-GCM is preferred always
13159 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13161 * configure.ac, m4/hooks.m4: bumped version
13163 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13165 * NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
13166 lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
13167 src/certtool.c, src/cli-debug.c, src/cli.c,
13168 src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
13169 src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
13170 src/srptool.c, src/tpmtool.c: included programs no longer depend on
13171 GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion
13174 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13176 * .gitignore: more files to ignore
13178 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13180 * cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
13181 gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
13182 gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
13183 gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
13184 gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
13185 gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
13186 gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
13187 gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
13188 gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
13189 gl/dirname.h, gl/dup2.c, gl/errno.in.h, gl/error.c, gl/error.h,
13190 gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h, gl/float.c,
13191 gl/float.in.h, gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c,
13192 gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
13193 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
13194 gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
13195 gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
13196 gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
13197 gl/hash-pjw-bare.h, gl/inet_ntop.c, gl/inet_pton.c, gl/isnan.c,
13198 gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
13199 gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
13200 gl/lseek.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
13201 gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
13202 gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
13203 gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
13204 gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
13205 gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
13206 gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
13207 gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
13208 gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
13209 gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
13210 gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
13211 gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
13212 gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
13213 gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
13214 gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
13215 gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
13216 gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
13217 gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
13218 gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
13219 gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
13220 gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
13221 gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
13222 gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
13223 gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
13224 gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
13225 gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
13226 gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
13227 gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
13228 gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
13229 gl/strchrnul.valgrind, gl/strdup.c, gl/string.in.h,
13230 gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
13231 gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
13232 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
13233 gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
13234 gl/tests/Makefile.am, gl/{ => tests}/dosname.h, gl/{ =>
13235 tests}/fpucw.h, gl/tests/infinity.h, gl/{ => tests}/intprops.h,
13236 gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind,
13237 gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
13238 gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c, gl/{ =>
13239 tests}/strerror-override.c, gl/{ => tests}/strerror-override.h,
13240 gl/{ => tests}/strerror.c, gl/tests/test-argp-2.sh,
13241 gl/tests/test-argp.c, gl/tests/test-dirent.c,
13242 gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
13243 gl/tests/test-frexp.c, gl/tests/test-frexp.h,
13244 gl/tests/test-frexpl.c, gl/tests/test-fseterr.c,
13245 gl/tests/test-getopt.c, gl/tests/test-getopt.h,
13246 gl/tests/test-getopt_long.h, gl/tests/test-isnand-nolibm.c,
13247 gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
13248 gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
13249 gl/tests/test-isnanl.h, gl/tests/test-malloc-gnu.c,
13250 gl/tests/test-malloca.c, gl/tests/test-math.c,
13251 gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
13252 gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
13253 gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
13254 gl/tests/test-signbit.c, gl/tests/test-sleep.c,
13255 gl/tests/test-strchrnul.c, gl/tests/test-sysexits.c,
13256 gl/tests/test-unsetenv.c, gl/tests/test-version-etc.c,
13257 gl/tests/test-version-etc.sh, gl/tests/test-vfprintf-posix.c,
13258 gl/tests/test-vfprintf-posix.sh, gl/tests/test-vprintf-posix.c,
13259 gl/tests/test-vprintf-posix.sh, gl/tests/unsetenv.c, gl/time.in.h,
13260 gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
13261 gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
13262 gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
13263 gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
13264 src/certtool.c, src/cli-debug.c, src/cli.c, src/danetool.c,
13265 src/ocsptool-common.c, src/ocsptool.c, src/p11tool.c, src/psk.c,
13266 src/serv.c, src/srptool.c, src/tpmtool.c: gnulib only contains
13269 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13271 * po/de.po.in, po/vi.po.in: Sync with TP.
13273 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13275 * src/pkcs11.c: removed unused code
13277 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13279 * src/pkcs11.c: Do not try to parse arbitrary objects as
13282 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13284 * lib/gnutls_handshake.c: don't ignore errors when copying
13287 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13289 * doc/cha-gtls-app.texi: mention that new padding is currently a
13292 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13294 * configure.ac, src/libopts/makeshell.c: do not require localtime
13296 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13298 * cross.mk: added mkdir
13300 2013-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13302 * lib/gnutls_constate.c: inverse check for cipher ok and priority.
13304 2013-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13306 * lib/gnutls_record.c: documented parameters
13308 2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13310 * lib/gnutls_priority.c: no need to keep separate priority lists for
13311 export ciphersuites (they are no longer available).
13313 2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13315 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
13316 priority string option.
13318 2013-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13320 * NEWS: released 3.2.3
13322 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13326 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13328 * lib/gnutls_record.c: allow empty fragments with padding.
13330 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13332 * tests/record-sizes-range.c: corrected test
13334 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13336 * tests/Makefile.am, tests/record-sizes-range.c: Added test for the
13337 range functionality.
13339 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13341 * lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
13342 calculation in AEAD ciphers.
13344 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13346 * configure.ac: Correctly report unicode status in win32 API
13348 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13350 * lib/Makefile.am: correctly link with librt when needed.
13352 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13354 * configure.ac, lib/Makefile.am, lib/system.c: link with libiconv
13357 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13361 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13363 * build-aux/snippet/unused-parameter.h, configure.ac,
13364 gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
13365 gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
13366 gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
13367 gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
13368 gl/iconv_open-solaris.gperf, gl/iconv_open.c,
13369 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
13370 gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
13371 gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
13372 gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
13373 gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
13374 gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
13375 gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
13376 gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
13377 gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
13378 gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
13379 gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
13380 gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
13381 gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
13382 gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
13383 gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
13384 gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
13385 components. This removes the gnulib iconv, and uses libc or libiconv if needed.
13387 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13389 * NEWS: released 3.2.3pre0
13391 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13393 * doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
13395 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13397 * NEWS, configure.ac, m4/hooks.m4: bumped version
13399 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13401 * lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
13402 calculate the overhead.
13404 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13406 * lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
13407 lib/gnutls_constate.c, lib/gnutls_constate.h,
13408 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
13409 lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
13410 function is now called before epoch change. This allows enabling certain features, such as the new record
13411 padding, prior to exchanging finished messages.
13413 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13415 * tests/record-sizes.c: test sending and receiving the maximum
13416 allowed TLS buffer size.
13418 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13420 * configure.ac: corrected guile-site-dir option. Patch by Steve
13423 2013-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13425 * lib/gnutls_record.h: Do not count pad and MAC as received data.
13427 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13429 * lib/gnutls_record.c: simplified decrypted data allocation.
13431 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13435 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13437 * lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h:
13438 small optimizations.
13440 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13442 * lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
13443 mode allow for larger record sizes than the maximum.
13445 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13447 * tests/Makefile.am, tests/{mini.c => record-sizes.c}: Updated mini
13450 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13452 * src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
13453 unacceptable chars.
13455 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13457 * src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
13458 configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.
13460 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13462 * tests/priorities.c: test also the number of ciphers.
13464 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13466 * NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
13467 lib/libgnutls.map: Added helper functions to export the available
13468 ciphers in a priority structure
13470 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13474 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13476 * tests/Makefile.am, tests/priorities.c: Added a test that checks
13477 whether the priorities behave as expected (depends on the supported
13478 ciphersuite numbers)
13480 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13482 * lib/gnutls_priority.c: When adding a bulk of priorities make sure
13483 they don't replace the whole list. Reported by Stefan Buehler.
13485 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13487 * doc/cha-gtls-app.texi: doc update
13489 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13491 * doc/cha-gtls-app.texi: updated doc
13493 2013-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13495 * src/libopts/ag-char-map.h: Ignore non-ascii characters in
13496 configuration file. This is a quick fix for
13498 http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html
13500 2013-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13502 * Makefile.am: make sure that the .info files are as new as the pdfs
13505 2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13507 * doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
13508 server example updated to include OCSP stapling
13510 2013-07-16 Matt Whitlock <matt@whitlock.name>
13512 * lib/gnutls_buffers.c: avoid leaking a buffer element when
13513 _gnutls_stream_read returns 0
13515 2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13517 * lib/gnutls_x509.c: doc update
13519 2013-07-17 Stefan Bühler <stbuehler@web.de>
13521 * lib/gnutls_priority.c: gnutls priority string parsing bug fix Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
13522 misses SHA1 and has MD5 twice) prio_remove doesn't zero the removed element, prio_add (and perhaps
13523 other functions) assumes the list to be zero terminated. Make prio_remove zero the element at the end, and use the actual
13524 length of the list in prio_add. Relying on the trailing zero will fail if the list is full, and
13525 might lead to invalid memory accesses as the loop won't stop until
13526 it finds either the algorithm identifier or 0.
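The failure described in the entry above, reproduced on a small model. This is an added example, not code from lib/gnutls_priority.c: the struct, the function names, the algorithm identifiers, the three-element stand-in for MAC-ALL and MAX_ALGOS = 4 are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ALGOS 4 /* constructed capacity, kept small so a full list is easy to reach */

/* Constructed identifiers for this model, not GnuTLS enum values. */
enum { ALG_SHA1 = 1, ALG_SHA256, ALG_MD5, ALG_SHA384, ALG_SHA512 };

typedef struct {
    unsigned int priority[MAX_ALGOS];
    unsigned int algorithms; /* number of valid entries */
} prio_list;

/* "Before" remove: shifts the tail left but leaves the vacated last slot as it was. */
static void remove_unfixed(prio_list *l, unsigned int algo)
{
    for (unsigned int i = 0; i < l->algorithms; i++) {
        if (l->priority[i] == algo) {
            l->algorithms--;
            memmove(&l->priority[i], &l->priority[i + 1],
                    (l->algorithms - i) * sizeof(l->priority[0]));
            return;
        }
    }
}

/* "Before" add: trusts a 0 terminator instead of the stored length. With a
 * full list there is no 0 to stop on and the scan leaves the array, so this
 * model only ever calls it on lists that still contain a 0. */
static void add_unfixed(prio_list *l, unsigned int algo)
{
    unsigned int i = 0;
    while (l->priority[i] != 0) {
        if (l->priority[i] == algo)
            return; /* already present */
        i++;
    }
    if (i < MAX_ALGOS) {
        l->priority[i] = algo;
        l->algorithms++;
    }
}

/* "After" remove: same shift, then zero the slot that fell off the end. */
static void remove_fixed(prio_list *l, unsigned int algo)
{
    for (unsigned int i = 0; i < l->algorithms; i++) {
        if (l->priority[i] == algo) {
            l->algorithms--;
            memmove(&l->priority[i], &l->priority[i + 1],
                    (l->algorithms - i) * sizeof(l->priority[0]));
            l->priority[l->algorithms] = 0;
            return;
        }
    }
}

/* "After" add: bounded by the actual length. Returns 0 when the algorithm is
 * present afterwards, -1 when the list is full. */
static int add_fixed(prio_list *l, unsigned int algo)
{
    unsigned int n = l->algorithms;
    for (unsigned int i = 0; i < n; i++)
        if (l->priority[i] == algo)
            return 0;
    if (n >= MAX_ALGOS)
        return -1;
    l->priority[n] = algo;
    l->algorithms++;
    return 0;
}

/* Occurrences of algo among the entries the length field says are valid. */
static unsigned int count_of(const prio_list *l, unsigned int algo)
{
    unsigned int c = 0;
    for (unsigned int i = 0; i < l->algorithms; i++)
        c += (l->priority[i] == algo);
    return c;
}

/* Replays "NONE:+MAC-ALL:-SHA1:+SHA1" as list operations. */
static prio_list replay(int fixed)
{
    static const unsigned int mac_all[] = { ALG_SHA1, ALG_SHA256, ALG_MD5 };
    prio_list l;
    memset(&l, 0, sizeof(l)); /* NONE */
    for (size_t i = 0; i < sizeof(mac_all) / sizeof(mac_all[0]); i++) {
        if (fixed) add_fixed(&l, mac_all[i]); else add_unfixed(&l, mac_all[i]);
    }
    if (fixed) remove_fixed(&l, ALG_SHA1); else remove_unfixed(&l, ALG_SHA1);
    if (fixed) add_fixed(&l, ALG_SHA1); else add_unfixed(&l, ALG_SHA1);
    return l;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        prio_list l = replay(fixed);
        printf("%s: SHA1 x%u, MD5 x%u, length %u\n", fixed ? "after " : "before",
               count_of(&l, ALG_SHA1), count_of(&l, ALG_MD5), l.algorithms);
    }
    return 0;
}
```

In the "before" run the stale copy of MD5 left by the shift is counted as a valid entry, and SHA1 is written one slot beyond the counted length, which is the "misses SHA1 and has MD5 twice" result the entry reports.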
13528 2013-07-17 Adam Sampson <ats@offog.org>
13530 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
13531 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
13532 tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
13533 on _WIN32. socketpair isn't provided on Windows, so these tests should just
13534 exit 77. Note that resume-dtls.c already had a guard like this -- I've
13535 rewritten it to match the others, but socketpair (presumably!) isn't
13536 the only reason that test is disabled on Win32. Signed-off-by: Adam Sampson <ats@offog.org>
13538 2013-07-16 Adam Sampson <ats@offog.org>
13540 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
13541 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
13542 tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
13543 connections. Besides simplifying the code, this also makes it possible to run
13544 "make check" in parallel -- previously this didn't work because
13545 several tests were trying to bind the same port. Signed-off-by: Adam Sampson <ats@offog.org>
13547 2013-07-16 Adam Sampson <ats@offog.org>
13549 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
13550 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
13551 tests/x509dn.c, tests/x509self.c: Detect socket() error responses
13552 correctly. The code was testing the wrong variable... Signed-off-by: Adam Sampson <ats@offog.org>
13554 2013-07-16 Adam Sampson <ats@offog.org>
13556 * doc/scripts/gdoc: Avoid depending on hash order in gdoc. Previously, gdoc had a hash of regexp replacements for each output
13557 format, and applied the replacements in the order that "keys"
13558 returned for the hash. However, not all orders are safe -- and now
13559 that Perl 5.18 randomises hash order per-process, it only worked
13560 sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
13561 #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
13562 #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
13563 @code{gnutls_session_t} structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
13564 @code{gnutls_session_t} structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
13565 #gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
13566 #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
13567 @code{gnutls_session_t} structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
13568 @code{code} {gnutls_session_t} structure.' This patch turns the hash into a list, so the replacements will
13569 always be done in the intended order. Signed-off-by: Adam Sampson <ats@offog.org>
13571 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13573 * tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
13574 tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
13575 tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
13576 reliable transports to avoid unexpected packet loss.
13578 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13580 * lib/Makefile.am: Link with librt when needed. Reported by Joern
13583 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13585 * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
13586 lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
13587 for the additional version variable.
13589 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13591 * cross.mk: updated w32 makefile
13593 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13595 * build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
13596 gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
13597 gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
13598 gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
13599 gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
13600 gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
13601 gl/tests/ignore-value.h, gl/tests/malloca.c,
13602 gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
13603 gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
13604 gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk:
13607 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13609 * NEWS: released 3.2.2
13611 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13613 * lib/gnutls_global.c: doc update
13615 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13617 * lib/includes/gnutls/gnutls.h.in: typo fix
13619 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13621 * src/common.c: gnutls-cli -l prints the supported digest algorithms
13624 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13626 * lib/gnutls_handshake.c: corrected return value.
13628 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13630 * configure.ac: Check for nanosleep in librt, when not in libc.
13631 Reported by Joern Clausen.
13633 2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13635 * lib/gnutls_int.h: corrected typo
13637 2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13639 * README-alpha: updated
13641 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13643 * lib/gnutls_int.h: try to reduce memory in internal structure
13645 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13647 * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
13648 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
13649 tests/mini-x509-callbacks.c: Allow hooks to be called before or
13650 after generation/receiving.
13652 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13654 * lib/gnutls_handshake.c, lib/gnutls_state.c,
13655 lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
13656 to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.
13658 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13662 2013-07-10 Gustavo Zacarias <gustavo@zacarias.com.ar>
13664 * lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
13665 and mac It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
13666 failures. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
13668 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13670 * lib/algorithms/mac.c: doc update
13672 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13676 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13680 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13682 * lib/gnutls_handshake.c: make sure that the hook function is always
13685 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13687 * doc/Makefile.am, doc/manpages/Makefile.am: New functions added
13689 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13691 * configure.ac, m4/hooks.m4: bumped version
13693 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13695 * lib/gnutls_handshake.c: When resuming a session send only the
13696 mandatory extensions. That will make server behavior conform to the TLS RFC. Reported by
13699 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13701 * lib/ext/srtp.c: corrected typo
13703 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13707 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13709 * lib/ext/srtp.c: Include MKI size in size calculations for the
13710 extension. This prevents a parsing error when MKI is being used. Reported by
13713 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13715 * src/benchmark.h: Fix for NetBSD systems that do not have
13716 CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.
13718 2013-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13720 * src/certtool.c: make sure that a valid number of days is entered
13722 2013-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13724 * doc/DCO.txt: Added DCO
13726 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13728 * lib/libgnutls.map: added new functions
13730 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13732 * tests/mini-dtls-hello-verify.c: simplified structure
13734 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13736 * lib/gnutls_handshake.c: corrected issue in client hello verify.
13738 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13740 * NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
13741 lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.
13743 2013-07-04 Stef Walter <stefw@redhat.com>
13745 * lib/pkcs11.c: pkcs11: Use the correct attribute length for
13746 CKA_TRUSTED CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
13747 are done with the attribute byte values, we need to get the length
13748 exactly right. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
13750 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13752 * tests/mini-x509-callbacks.c: updated for new callback format
13754 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13756 * lib/gnutls_priority.c: corrected typo
13758 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13760 * .gitignore: more files to ignore
13762 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13764 * lib/gnutls_dtls.c: doc update
13766 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13768 * lib/gnutls_priority.c: when removing a cipher priority, make sure
13771 2013-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13773 * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in:
13774 gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size
13776 2013-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13778 * lib/crypto-api.c: doc update
13780 2013-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13782 * po/eo.po.in, po/fi.po.in: Sync with TP.
13784 2013-06-28 Ludovic Courtès <ludo@gnu.org>
13786 * guile/src/core.c: guile: Keep a weak reference on objects
13787 aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where
13788 the C object beneath CRED keeps a pointer to the C object beneath
13789 DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
13790 to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
13792 2013-06-28 Ludovic Courtès <ludo@gnu.org>
13794 * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
13795 guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
13796 than `fileno'. This has no practical impact, but it's a better way to express that
13797 we don't want the file descriptors closed behind our back.
13799 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13801 * doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT
13803 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13805 * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
13806 documented private extensions
13808 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13810 * lib/gnutls_handshake.c, lib/gnutls_state.c,
13811 lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
13812 only to post-processing or generation of messages.
13814 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13816 * lib/gnutls_record.c: documented dtls behavior.
13818 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13820 * lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU
13822 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13824 * tests/mini-dtls-large.c: make sure that no DTLS MTU size can
13827 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13829 * lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
13830 dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.
13832 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13834 * tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
13835 whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets
13837 2013-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13839 * po/cs.po.in: Sync with TP.
13841 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13843 * lib/gnutls_dh_primes.c: check for zero values when import DH
13846 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13848 * po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in:
13851 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13855 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13857 * NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
13858 lib/gnutls_int.h, lib/gnutls_state.c,
13859 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
13860 tests/mini-x509-callbacks.c: Added
13861 gnutls_handshake_set_hook_function() to allow hooks on arbitrary
13862 handshake messages.
13864 2013-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13866 * doc/announce.txt: added BCC to avoid forgetting it in the future
13868 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13870 * doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update
13872 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13874 * NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
13875 lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
13876 lib/libgnutls.map: avoid the introduction of a new function to
13877 disable replay protection.
13879 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13881 * tests/suite/testcompat-main: changed port to avoid conflicts
13883 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13885 * tests/mini-overhead.c: small update
13887 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13889 * src/cli.c: removed unused var
13891 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13893 * src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
13896 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13898 * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
13899 lib/libgnutls.map: Added gnutls_record_overhead_size() and
13900 gnutls_record_overhead_size2().
13902 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13904 * lib/gnutls_state.c: doc update
13906 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13908 * NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
13909 lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
13910 protection can now be disabled.
13912 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13914 * lib/gnutls_state.c: doc update
13916 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13918 * NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
13919 lib/libgnutls.map: Added gnutls_cipher_get_tag_size().
13921 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13923 * NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
13924 lib/libgnutls.map: Added gnutls_certificate_set_trust_list().
13926 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13928 * lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
13929 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
13930 lib/gnutls_sig.c: explicit tests for non-null version
13932 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13934 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo
13936 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13938 * .gitignore: more files to ignore
13940 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13942 * lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
13943 timeout documentation; reported by Sebastien Decugis.
13945 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13947 * build-aux/ar-lib: updated file
13949 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13951 * tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files
13953 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13955 * build-aux/test-driver, configure.ac: require automake 1.12.2 for
13958 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13960 * lib/gnutls_priority.c: SECURE -> SECURE128
13962 2013-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13964 * guile/tests/priorities.scm: corrected priority strings
13966 2013-06-06 Martin Storsjo <martin@martin.st>
13968 * extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
13969 lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
13970 lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
13971 lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
13972 lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included
13973 implicitly via gnutls_int.h, if the nettle include directories
13974 aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
13976 2013-06-06 Martin Storsjo <martin@martin.st>
13978 * src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
13979 include and lib paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
13981 2013-06-06 Ludovic Courtès <ludo@gnu.org>
13983 * guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
13986 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13988 * lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
13991 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13993 * lib/nettle/Makefile.am: correctly place cflags
13995 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13997 * doc/cha-shared-key.texi: discourage usage of anonymous
14000 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14002 * doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update
14004 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14006 * lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
14007 m4/hooks.m4: Directly link to gmp library. Based on original patch
14008 by Alon Bar-Lev <alon.barlev@gmail.com>.
14010 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14012 * cross.mk: updated cross.mk
14014 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14016 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
14017 tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
14018 updates for tests to run under win32
14020 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14022 * lib/system.c: null terminate strings in windows
14024 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14026 * cross.mk: updated makefile
14028 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14030 * tests/pkcs12-decode/pkcs12: fix windows extension
14032 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14034 * tests/pkcs1-padding/Makefile.am: avoid running tests which require
14035 datefudge in windows
14037 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14039 * src/cli.c: avoid struct sigaction in win32
14041 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14043 * tests/cert-tests/pem-decoding: Avoid comparing the expiration date
14044 to prevent false positive error in 32-bit systems.
14046 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14048 * tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
14049 date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.
14051 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14053 * tests/cert-tests/pathlen: Avoid comparing the expiration date to
14054 prevent false positive error in 32-bit systems.
14056 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14060 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14062 * doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates
14064 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14066 * NEWS: updated from 3.2.1
14068 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14070 * configure.ac: check for suse's CA bundle file
14072 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14074 * lib/openpgp/privkey.c: call cleanup and deinit on the correct
14075 number of parameters
14077 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14079 * lib/gnutls_pk.c: avoid calling clear on null values
14081 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14083 * configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
14084 pkg-config to detect nettle
14086 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14088 * tests/mini-xssl.c: ignore sigpipe
14090 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14092 * lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
14093 curves even when using SSL 3.0. This works around a bug on openssl
14094 in certain Debian systems.
14096 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14098 * po/LINGUAS, po/eo.po.in: Sync with TP.
14100 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14102 * .gitignore: more files to ignore
14104 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14106 * tests/mini-xssl.c: updated xssl.
14108 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14110 * lib/gnutls_dtls.c: doc update
14112 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14114 * tests/mini-overhead.c: document sizes
14116 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14118 * lib/gnutls_dtls.c: more precise calculation of overhead
14120 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14122 * tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.
14124 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14126 * lib/gnutls_dtls.c: doc update
14128 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14132 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14134 * configure.ac, m4/hooks.m4: bumped version
14136 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14138 * lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in:
14139 revert prototype move
14141 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14143 * doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am:
14146 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14148 * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
14149 copy on decryption.
14151 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14153 * lib/gnutls_cipher_int.h: corrected likely()
14155 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14157 * tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
14158 various ciphers in tests.
14160 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14162 * lib/gnutls_privkey.c: doc update
14164 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14166 * tests/mini-dtls-record.c: avoid delays by using a reliable
14169 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14171 * .gitignore: removed test file from repository
14173 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14175 * tests/mini-record.c: avoid delays by using a reliable transport
14178 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14180 * lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
14181 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
14182 copy at encryption.
14184 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14186 * lib/nettle/pk.c: eliminated unused variable
14188 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14190 * lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
14191 Report by Mann Ern Kang.
14193 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14195 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
14196 simplified code by passing an mbuffer.
14198 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14200 * lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name
14202 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14204 * lib/gnutls_pubkey.c: always set hash length
14206 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14208 * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c:
14209 corrected bug with _gnutls_dsa_q_to_hash() usage introduced
14212 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14214 * lib/abstract_int.h, lib/algorithms.h,
14215 lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
14216 lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
14217 lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
14218 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
14219 lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
14220 lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
14221 protocol version properties.
14223 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14225 * lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
14226 lib/algorithms.h, lib/algorithms/ciphers.c,
14227 lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
14228 lib/algorithms/protocols.c, lib/algorithms/sign.c,
14229 lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
14230 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
14231 lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
14232 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
14233 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
14234 lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
14235 lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
14236 lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
14237 lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
14238 lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
14239 lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
14240 lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
14241 lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
14242 lib/x509/x509_int.h: simplified access to cipher and mac properties
14243 to reduce wasted cycles.
14245 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14247 * extra/gnutls_openssl.c: modified openssl compat API to use the
14250 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14252 * lib/libgnutls.map: no longer export internal hash functions
14254 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14256 * tests/mini-dtls-hello-verify.c: removed memory leak
14258 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14260 * lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions
14262 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14264 * lib/gnutls_mbuffers.c: avoid calloc
14266 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14268 * lib/gnutls_record.c: fixes in record version checking
14270 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14272 * src/cli.c: use sigaction instead of signal in gnutls-cli
14274 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14276 * src/cli.c: Revert "break the loop when a SIGALRM has been
14277 received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.
14279 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14281 * src/libopts/m4/libopts.m4: relax check on requirement on headers
14282 for libopts. Reported by Mark Brand.
14284 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14286 * .gitignore: more files to ignore
14288 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14290 * lib/gnutls_record.c: Improved record version checks
14292 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14294 * tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
14295 hello verify message
14297 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14299 * lib/nettle/mac.c: fail on wrong key sizes
14301 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14303 * NEWS, lib/gnutls_dtls.c: corrected record overhead calculations
14305 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14307 * lib/gnutls_record.c: more detailed error
14309 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14311 * lib/gnutls_handshake.c: corrected resumption check
14313 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14315 * NEWS: updated doc
14317 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14319 * lib/gnutls_record.c: Allow record layer packets with version less
14320 than the negotiated. Allowing such records avoids issue in DTLS client hello request
14323 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14325 * lib/gnutls.pc.in: removed undefined variable
14327 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14329 * NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
14330 lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
14331 gnutls_session_set_id() was added
14333 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14335 * src/cli.c: break the loop when a SIGALRM has been received
14337 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14339 * src/libopts/m4/libopts.m4: configure proceeds if regex library
14342 2013-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14344 * lib/gnutls_str.c: documented function behavior
14346 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14348 * lib/gnutls_str.c: corrected typo
14350 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14352 * lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
14353 lib/opencdk/sig-check.c, lib/x509/common.c,
14354 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
14355 lib/xssl.c, libdane/dane.c: several updates
14357 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14359 * src/danetool.c: print message on certificate verification
14361 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14365 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14367 * tests/cert-tests/pem-decoding: more verbose messages
14369 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
14371 * tests/eagain-common.h: When retrying gnutls_record_send due to
14372 GNUTLS_E_AGAIN, also try passing null data and length. Tests will
14373 fail after this patch until next patch is applied that fixes a bug
14374 in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
14376 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
14378 * lib/gnutls_record.c: If gnutls_record_send fails with
14379 GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
14380 passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
14381 fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
14383 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14385 * doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
14388 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14390 * NEWS: released 3.2.0
14392 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14394 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
14395 doc/cha-gtls-examples.texi: simplified node referencing and add
14398 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14400 * m4/hooks.m4: increased revision
14402 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14404 * doc/Makefile.am, doc/manpages/Makefile.am: doc update
14406 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14408 * NEWS, lib/algorithms/ciphersuites.c: Added more options for
14411 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14413 * src/libopts/m4/libopts.m4: applied libregex patch
14415 2013-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14417 * cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
14418 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
14419 lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
14420 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
14421 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
14422 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
14423 lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style
14424 comments to compile in old MacOSX systems. Reported by Ryan Schmidt.
14426 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14428 * doc/cha-auth.texi: doc update
14430 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14432 * lib/ext/alpn.c: clarified doc
14434 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14436 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
14437 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
14438 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
14439 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
14440 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
14441 doc/manpages/tpmtool.1: updated for new autogen
14443 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14445 * tests/mini-alpn.c: updated for new api
14447 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14449 * tests/dtls/dtls-stress.c: updated path
14451 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14453 * src/cli.c: corrected API usage.
14455 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14457 * lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
14458 lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
14459 for the NO_APPLICATION_PROTOCOL alert for ALPN.
14461 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14463 * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
14464 src/common.c: Improved ALPN support in gnutls-cli
14466 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14468 * src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
14469 src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
14470 src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
14471 src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
14472 src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
14473 src/srptool-args.c, src/srptool-args.h: updated libopts generated
14476 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14478 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
14479 src/libopts/Makefile.am, src/libopts/README,
14480 src/libopts/ag-char-map.h, src/libopts/alias.c,
14481 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
14482 src/libopts/autoopts.c, src/libopts/autoopts.h,
14483 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
14484 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
14485 src/libopts/check.c, src/libopts/compat/compat.h,
14486 src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
14487 src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
14488 src/libopts/compat/windows-config.h, src/libopts/configfile.c,
14489 src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
14490 src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
14491 src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
14492 src/libopts/libopts.c, src/libopts/load.c,
14493 src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
14494 src/libopts/makeshell.c, src/libopts/nested.c,
14495 src/libopts/numeric.c, src/libopts/option-value-type.c,
14496 src/libopts/option-value-type.h,
14497 src/libopts/option-xat-attribute.c,
14498 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
14499 src/libopts/parse-duration.h, src/libopts/pgusage.c,
14500 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
14501 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
14502 src/libopts/stack.c, src/libopts/streqvcmp.c,
14503 src/libopts/text_mmap.c, src/libopts/time.c,
14504 src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
14505 updated libopts to autogen 5.17.3
14507 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14509 * src/cli-args.def, src/cli.c: Added --alpn option to cli
14511 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14513 * configure.ac, m4/hooks.m4: bumped version
14515 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14517 * NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
14518 lib/nettle/mac.c: Added umac-128
14520 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14522 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
14523 key purpose in certificate requests
14525 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14527 * tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
14528 disabled. Reported by Linus Nordberg.
14530 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14532 * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
14533 Reported by Etan Reisner.
14535 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14537 * tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c:
14538 updated include files
14540 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14542 * lib/gnutls_handshake.c: simplified code
14544 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14546 * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
14547 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
14548 gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
14549 gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib
14551 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14553 * tests/anonself.c, tests/certder.c,
14554 tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
14555 tests/chainverify-unsorted.c, tests/chainverify.c,
14556 tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
14557 tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
14558 tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
14559 tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
14560 tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
14561 tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
14562 tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
14563 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
14564 tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
14565 tests/mini-loss-time.c, tests/mini-record-range.c,
14566 tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
14567 tests/mini-termination.c, tests/mini-x509-2.c,
14568 tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
14569 tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
14570 tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
14571 tests/openpgp-auth.c, tests/openpgp-auth2.c,
14572 tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
14573 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
14574 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
14575 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
14576 tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
14577 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
14578 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
14579 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
14580 tests/set_pkcs12_cred.c, tests/setcredcrash.c,
14581 tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
14582 tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
14583 tests/suite/mini-record-timing.c, tests/utils.h,
14584 tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
14585 tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
14586 running tests disable PKCS #11 support to avoid detecting memory
14587 leaks from PKCS #11 libraries.
14589 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14591 * lib/gnutls_dtls.c: doc update
14593 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14595 * tests/dtls/Makefile.am: link explicitly to librt
14597 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14601 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14605 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14607 * .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
14608 configure.ac, gl/Makefile.am, gl/gettime.c,
14609 gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
14610 gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
14611 gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
14612 gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
14613 gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
14614 gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
14615 gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
14616 lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
14617 lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
14618 src/benchmark.h, tests/suite/Makefile.am,
14619 tests/suite/mini-record-timing.c: Avoid linking the library on
14622 2013-04-27 Stef Walter <stefw@redhat.com>
14624 * tests/suite/mini-record-timing.c: test suite: Add missing header. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
14626 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14628 * tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
14629 tests/cert-tests/pem-decoding: Added test for escaping rules.
14631 2013-04-27 Stef Walter <stefw@redhat.com>
14633 * lib/x509/common.c: Add the standard description OID to those
14634 recognized for DNs. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
14636 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14638 * lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
14639 the LDAP way, and avoid escaping hex encoded values. Report and
14640 initial patch from Stef Walter.
14642 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14644 * lib/x509/common.c, lib/x509/common.h: Do not include null
14645 terminator in DN string. When printing an unknown DN string as hex do not include the null
14646 terminator. Reported by Stef Walter.
14648 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14650 * configure.ac: Link against pthread only when pthread_mutex_lock
14653 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14655 * lib/accelerated/x86/sha-padlock.c: initialize the digest after
14658 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14660 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
14661 src/pkcs11.c: read_yesno() accepts a default value. By default
14662 certificates are marked as ok for signing and encryption.
14664 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14666 * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license
14668 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14670 * lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
14671 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
14672 lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
14675 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14677 * lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
14678 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
14679 lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
14680 separately. It is implied by nettle's output function.
14682 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14684 * lib/crypto-api.c: updated documentation
14686 2013-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14688 * src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
14689 src/benchmark.h: updated benchmark output
14691 2013-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14693 * doc/TODO: updated TODO list
14695 2013-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14697 * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
14698 pass argument on PKCS #11 keys.
14700 2013-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14702 * lib/accelerated/x86/hmac-padlock.c,
14703 lib/accelerated/x86/sha-padlock.c: corrected memory leak in
14704 padlock_hash_fast()
14706 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14708 * doc/cha-intro-tls.texi: mention about experimental protocols
14710 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14712 * src/benchmark-tls.c: nettle 2.7 is required
14714 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14716 * doc/cha-crypto.texi: doc update
14718 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14720 * doc/cha-crypto.texi: Added documentation on public key API.
14722 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14724 * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
14725 string VERS-DTLS-ALL
14727 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14729 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
14730 m4/hooks.m4: nettle 2.7 is required
14732 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14734 * NEWS: corrected doc
14736 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14738 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
14739 m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27
14741 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14743 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
14744 lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
14745 src/benchmark-tls.c: Added ESTREAM salsa20 cipher.
14747 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14749 * lib/nettle/mac.c: better naming of functions
14751 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14753 * lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
14754 lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
14757 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14759 * README: added note about LGPLv3
14761 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14763 * lib/system_override.c: doc update
14765 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14767 * lib/gnutls_buffers.c: use unlikely
14769 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14771 * NEWS: documented update
14773 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14775 * configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
14776 lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
14777 lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
14778 lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
14779 tests/mini-alpn.c: Added support for the ALPN extension.
14781 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14783 * lib/gnutls_constate.c: removed unused variables
14785 2013-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14787 * src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
14790 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14794 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14796 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
14797 doc/cha-tokens.texi, lib/gnutls_x509.c,
14798 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
14799 gnutls_certificate_set_x509_key_mem2() and
14800 gnutls_certificate_set_x509_key_file2()
14802 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14804 * doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
14805 lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
14808 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14810 * lib/algorithms.h, lib/algorithms/ciphers.c,
14811 lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h:
14812 removed TLS export key generation
14814 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14816 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
14817 lib/algorithms.h, lib/algorithms/ciphersuites.c,
14818 lib/algorithms/kx.c, lib/algorithms/publickey.c,
14819 lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
14820 lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
14821 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
14822 lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
14823 lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
14824 lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
14825 lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
14826 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
14827 RSA-EXPORT ciphersuites.
14829 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14831 * NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
14832 lib/algorithms/protocols.c, lib/gnutls_priority.c,
14833 lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
14834 support for DTLS 1.2
14836 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14838 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
14839 lib/includes/gnutls/gnutls.h.in: deprecated
14840 gnutls_privkey_sign_raw_data()
14842 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14844 * doc/TODO: updated
14846 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14848 * lib/gnutls_range.c: updates in range handling code.
14850 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14852 * tests/Makefile.am, tests/mini-record-range.c: Added test for
14855 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14857 * lib/auth/ecdhe.c: Set the curve priority to calling derive.
14859 2013-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14861 * lib/nettle/pk.c: reduce the number of temp variables in ECDH
14863 2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14865 * src/common.c: print the signatures used.
14867 2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14869 * lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
14870 lib/gnutls_session_pack.c, lib/gnutls_sig.c,
14871 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
14872 gnutls_sign_algorithm_get_client()
14874 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14876 * lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
14877 implementation to match the rest of the library
14879 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14881 * doc/cha-internals.texi: updated text
14883 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14885 * lib/ext/heartbeat.c: gnutls_pong() returns zero on success.
14887 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14889 * lib/ext/heartbeat.h: removed function that didn't exist
14891 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14893 * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat
14895 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14897 * tests/mini-dtls-heartbeat.c: Check all error conditions.
14899 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14901 * lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
14904 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14906 * NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
14907 lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
14908 lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
14909 lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
14910 lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
14911 lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
14912 lib/nettle/ecc_projective_add_point_ng.c,
14913 lib/nettle/ecc_projective_check_point.c,
14914 lib/nettle/ecc_projective_dbl_point_3.c,
14915 lib/nettle/ecc_projective_isneutral.c,
14916 lib/nettle/ecc_projective_negate_point.c,
14917 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
14918 lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
14919 lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
14920 lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
14921 code from gnutls. Use nettle's implementation.
14923 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14925 * src/serv.c: corrected issue in ecccertfile option
14927 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14929 * lib/gnutls_handshake.c: make a short list of the available PK
14932 2013-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14934 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
14935 lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
14936 and verification flags to operate in RSA raw mode (as used in TLS).
14938 2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14940 * lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
14941 for a wrong version in the RSA PMS.
14943 2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14945 * lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
14946 lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c:
14947 convert gnutls versions to TLS major-minor in a single function.
14949 2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14951 * devel/perlasm/license-gnutls.txt,
14952 lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
14953 lib/accelerated/x86/coff/cpuid-x86-coff.s,
14954 lib/accelerated/x86/elf/cpuid-x86-64.s,
14955 lib/accelerated/x86/elf/cpuid-x86.s,
14956 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
14957 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
14958 lib/ext/status_request.h, lib/gnutlsxx.cpp,
14959 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
14960 lib/includes/gnutls/x509.h, lib/libgnutls.map,
14961 lib/x509/verify-high.h: changed license headers to 2.1. Reported by
14964 2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14968 2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14970 * doc/manpages/Makefile.am: updated copyright
14972 2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14974 * NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
14975 lib/crypto-api.c, lib/includes/gnutls/crypto.h,
14976 lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()
14978 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14982 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14984 * lib/gnutls_privkey.c: doc update
14986 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14988 * doc/cha-internals.texi: corrected file location
14990 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14992 * tests/openpgp-auth.c: use return instead of exit
14994 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14996 * lib/auth/cert.c: use the proper defines
14998 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15000 * NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
15001 lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
15002 lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
15003 fingerprints. Reported by Joke de Buhr.
15005 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15007 * tests/openpgp-auth.c: openpgp-auth tests
15008 gnutls_openpgp_set_recv_key_function() as well.
15010 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15012 * NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
15013 external key signing and TLS 1.2
15015 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15017 * src/benchmark.c: use clock_gettime when we can
15019 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15021 * src/benchmark-cipher.c: removed R20
15023 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15025 * NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
15026 lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
15027 src/benchmark-tls.c: Salsa20R20 -> Salsa20
15029 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15031 * lib/libgnutls.map, tests/gc.c: use the exported variant of
15032 _gnutls_hmac_fast().
15034 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15036 * NEWS, lib/accelerated/cryptodev.c,
15037 lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
15038 lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
15039 lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
15040 lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
15041 lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
15042 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
15043 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
15044 lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
15045 lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
15046 src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
15047 now be used for other MAC algorithms, like UMAC. UMAC-96 and
15048 UMAC-128 were conditionally added.
15050 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15052 * src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.
15054 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15056 * lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
15057 cipher to the new padding format.
15059 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15061 * NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
15062 lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
15063 lib/gnutls_constate.c, lib/gnutls_dtls.c,
15064 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
15065 lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
15066 lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
15067 src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.
15069 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15071 * lib/pkcs11.c: search only for slots with tokens and avoid caching
15072 to prevent issues with multiple threads.
15074 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15078 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15080 * doc/cha-tokens.texi, lib/gnutls_privkey.c,
15081 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
15082 gnutls_privkey_status()
15084 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15086 * lib/pkcs11.c: avoid internal error
15088 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15090 * lib/pkcs11.c: use correct type for rv
15092 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15096 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15098 * lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
15099 not on initialization.
15101 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15103 * lib/gnutls_privkey.c: doc update
15105 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15107 * doc/cha-library.texi: documented the new configure options
15109 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15111 * NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
15112 lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
15113 key parameters are overwritten with zeros on deinitialization.
15115 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15117 * doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib:
15120 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15122 * doc/cha-tokens.texi: simplified text
15124 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15126 * configure.ac, m4/hooks.m4: bumped version
15128 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15130 * NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
15131 lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
15132 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
15133 gnutls_privkey_sign_raw_data()
15135 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15137 * lib/gnutls_pcert.c: simplified code
15139 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15141 * src/serv.c: gnutls-serv may run without certificate, but will
15144 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15146 * src/serv.c: gnutls-serv issues an error if no certificate and key
15149 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15151 * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
15153 2013-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15155 * lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
15156 lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
15157 several ifdefs to avoid using disabled code.
15159 2013-03-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
15161 * doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
15162 *_key_id() creation. For the rationale behind this, see the gnutls-devel thread 'X.509
15163 "Key Identifiers" in GnuTLS' found either at
15165 http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.html and
15166 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
15168 2013-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15170 * NEWS, doc/examples/ex-cert-select-pkcs11.c,
15171 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
15172 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
15173 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
15174 lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
15175 lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()
15177 2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15179 * configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
15180 lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
15181 lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
15182 lib/auth/dhe_psk.c, lib/auth/{ecdh_common.c => ecdhe.c},
15183 lib/auth/{ecdh_common.h => ecdhe.h}, lib/auth/rsa_export.c,
15184 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
15185 lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
15186 m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE.
15188 2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15190 * src/serv.c: removed unneeded code
15192 2013-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15194 * src/cli.c: When requesting DANE data resolve a service name into a
15195 port number. Reported by James Cloos.
15197 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15201 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15203 * doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update
15205 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15207 * lib/x509/dn.c: avoid duplicate memory allocation in
15208 _gnutls_x509_get_dn()
15210 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15212 * tests/cert-tests/dane-test.rr: The default dane output is type 03
15215 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15217 * lib/gnutls_x509.c: simplified
15219 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15221 * lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
15222 proper also when loading a private key.
15224 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15226 * lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
15227 GNUTLS_TPMKEY_FMT_RAW
15229 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15231 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c:
15232 return unimplemented feature on encounter of a known but unsupported
15235 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15237 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
15238 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
15239 src/danetool.c: updates in danetool
15241 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15243 * Makefile.am, configure.ac: Added configure option to disable the
15246 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15248 * doc/invoke-certtool.texi, src/certtool-args.c,
15249 src/certtool-args.def, src/certtool-args.h: updated example
15252 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15254 * tests/suite/ecore/src/lib/Ecore.h: updated
15256 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15258 * lib/x509_b64.c: corrected allocation size
15260 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15262 * lib/gnutls_ui.c: simplified text
15264 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15266 * configure.ac: Fixes in cpu and cross-compilation detection
15268 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15270 * lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
15271 lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().
15273 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15275 * lib/system.c: check revocation prior to reading local certs.
15277 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15279 * lib/x509/verify-high.c: deinitialize the certificate
15281 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15285 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15287 * configure.ac: When cross compiling do not check for ca
15290 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15292 * configure.ac: auto-detect CA certificates only if
15293 with-default-trust-store-file is not provided.
15295 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15297 * lib/system.c: corrected parameters.
15299 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15301 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
15302 lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
15303 tests/x509cert-tl.c: Added functions that remove certificates from a
15306 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15308 * libdane/includes/gnutls/dane.h: updated doc
15310 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15312 * lib/system.c: Check for revoked certs in android and do not add.
15313 Suggested by David Woodhouse.
15315 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15317 * lib/system.c: corrected add_system_trust() in the unsupported
15320 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15322 * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
15323 lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
15324 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
15325 optimizations on certificate comparisons including DN. This speeds
15326 up CA certificate loading, and certificate verification.
15328 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15330 * lib/x509/verify-high.c: Revert "When making the hash list of the
15331 CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.
15333 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15337 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15339 * lib/x509/verify-high.c: When making the hash list of the CAs avoid
15340 calling get_raw_*_dn() which is very costly.
15342 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15344 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
15345 lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
15346 lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
15349 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15351 * src/cli.c: Removed unused code.
15353 2013-03-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
15355 * lib/x509/x509_write.c: fix description of id_size parameter
15357 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15359 * lib/system.c: handle the interesting variance between directories
15361 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15363 * lib/system.c: test for ANDROID or __ANDROID__
15365 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15367 * build-aux/ar-lib: updated
15369 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15371 * configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.
15373 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15375 * lib/gnutls.pc.in: corrected link
15377 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15379 * configure.ac: removed Werror from automake rules
15381 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15383 * doc/Makefile.am: Added flag
15385 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15387 * .gitignore, ChangeLog: removed
15389 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15391 * lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
15392 of programs that cannot be.
15394 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15396 * lib/system.c: more simplifications to
15397 gnutls_x509_trust_list_add_system_trust()
15399 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15403 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15405 * lib/system.c: corrected reading from directory.
15407 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15409 * lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
15410 to work in android 4.x.
15412 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15416 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15418 * lib/system.c: More cleanups in
15419 gnutls_x509_trust_list_add_system_trust()
15421 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15423 * configure.ac: Select CPU optimizations based on target cpu rather
15426 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15428 * lib/Makefile.am, lib/system.c: some simplifications in
15429 gnutls_x509_trust_list_add_system_trust()
15431 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15433 * NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
15434 compatible with devices like android that don't support AES
15436 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15438 * NEWS, doc/invoke-danetool.texi, libdane/dane.c,
15439 libdane/includes/gnutls/dane.h, src/danetool-args.c,
15440 src/danetool-args.def, src/danetool-args.h, src/danetool.c,
15441 tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
15442 for DANE to enforce verification and restrict it to a field.
15444 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15446 * .gitignore, ChangeLog: added empty ChangeLog
15448 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15450 * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
15451 build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
15452 build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
15453 build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
15454 build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
15455 gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
15456 gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
15457 gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
15458 gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
15459 gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
15460 gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
15461 gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
15462 gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
15463 gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
15464 gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
15465 gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
15466 gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
15467 gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
15468 gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
15469 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
15470 gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
15471 gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
15472 gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
15473 gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
15474 gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
15475 gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
15476 gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
15477 gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
15478 gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
15479 gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
15480 gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
15481 gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
15482 gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
15483 gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
15484 gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
15485 gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
15486 gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
15487 gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
15488 gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
15489 gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
15490 gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
15491 gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
15492 gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
15493 gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
15494 gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
15495 gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
15496 gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
15497 gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
15498 gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
15499 gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
15500 gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
15501 gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
15502 gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
15503 gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
15504 gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
15505 gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
15506 gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
15507 gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
15508 gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
15509 gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
15510 gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
15511 gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
15512 gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
15513 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
15514 gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
15515 gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
15516 gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
15517 gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
15518 gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
15519 gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
15520 gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
15521 gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
15522 gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
15523 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
15524 gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
15525 gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
15526 gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
15527 gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
15528 gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
15529 gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
15530 gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
15531 gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
15532 gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
15533 gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
15534 gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
15535 gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
15536 gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
15537 gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
15538 gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
15539 gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
15540 gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
15541 gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
15542 gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
15543 gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
15544 gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
15545 gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
15546 gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
15547 gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
15548 gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
15549 gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
15550 gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
15551 gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
15552 gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
15553 gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
15554 gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
15555 gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
15556 gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
15557 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
15558 gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
15559 gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
15560 gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
15561 gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
15562 gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
15563 gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
15564 gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
15565 gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
15566 gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
15567 gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
15568 gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
15569 gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
15570 gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
15571 gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
15572 gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
15573 gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
15574 gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
15575 gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
15576 gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
15577 gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
15578 gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
15579 gl/tests/test-binary-io.c, gl/tests/test-bind.c,
15580 gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
15581 gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
15582 gl/tests/test-close.c, gl/tests/test-connect.c,
15583 gl/tests/test-dirent.c, gl/tests/test-dup2.c,
15584 gl/tests/test-environ.c, gl/tests/test-errno.c,
15585 gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
15586 gl/tests/test-fgetc.c, gl/tests/test-float.c,
15587 gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
15588 gl/tests/test-fread.c, gl/tests/test-frexp.c,
15589 gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
15590 gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
15591 gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
15592 gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
15593 gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
15594 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
15595 gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
15596 gl/tests/test-func.c, gl/tests/test-fwrite.c,
15597 gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
15598 gl/tests/test-getdelim.c, gl/tests/test-getline.c,
15599 gl/tests/test-getopt.c, gl/tests/test-getopt.h,
15600 gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
15601 gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
15602 gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
15603 gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
15604 gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
15605 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
15606 gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
15607 gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
15608 gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
15609 gl/tests/test-isnanl.h, gl/tests/test-listen.c,
15610 gl/tests/test-locale.c, gl/tests/test-localename.c,
15611 gl/tests/test-lstat.c, gl/tests/test-lstat.h,
15612 gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
15613 gl/tests/test-math.c, gl/tests/test-memchr.c,
15614 gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
15615 gl/tests/test-open.c, gl/tests/test-open.h,
15616 gl/tests/test-pathmax.c, gl/tests/test-perror.c,
15617 gl/tests/test-perror2.c, gl/tests/test-pipe.c,
15618 gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
15619 gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
15620 gl/tests/test-read-file.c, gl/tests/test-recv.c,
15621 gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
15622 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
15623 gl/tests/test-select.h, gl/tests/test-send.c,
15624 gl/tests/test-sendto.c, gl/tests/test-setenv.c,
15625 gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
15626 gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
15627 gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
15628 gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
15629 gl/tests/test-sockets.c, gl/tests/test-stat.c,
15630 gl/tests/test-stat.h, gl/tests/test-stdalign.c,
15631 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
15632 gl/tests/test-stdint.c, gl/tests/test-stdio.c,
15633 gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
15634 gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
15635 gl/tests/test-string.c, gl/tests/test-strings.c,
15636 gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
15637 gl/tests/test-symlink.c, gl/tests/test-symlink.h,
15638 gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
15639 gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
15640 gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
15641 gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
15642 gl/tests/test-sysexits.c, gl/tests/test-time.c,
15643 gl/tests/test-u64.c, gl/tests/test-unistd.c,
15644 gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
15645 gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
15646 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
15647 gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
15648 gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
15649 gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
15650 gl/tests/unistr/test-u8-mbtoucr.c,
15651 gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
15652 gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
15653 gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
15654 gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
15655 gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
15656 gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
15657 gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
15658 gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk:
15661 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15663 * lib/libgnutls.map: Added gnutls_pkcs11_privkey_status
15665 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15667 * doc/Makefile.am, doc/invoke-certtool.texi,
15668 doc/manpages/Makefile.am: updated
15670 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15672 * NEWS, configure.ac, m4/hooks.m4: bumped version
15674 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15676 * lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
15677 lib/gnutls_session_pack.c: small optimizations in session storage
15679 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15681 * lib/gnutls_state.c: no need to memset during session deinit.
15683 2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15685 * NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
15688 2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15690 * lib/gnutls_db.c, lib/gnutls_handshake.c,
15691 lib/gnutls_session_pack.c: Small fixes.
15693 2013-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15695 * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
15696 gnutls_pkcs11_privkey_status().
15698 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15700 * lib/x509/verify.c: doc update
15702 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15704 * libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h:
15705 when verifying a DANE CA constraint make sure that the provided
15706 chain is actually a chain.
15708 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15710 * libdane/dane.c: doc update
15712 2013-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15714 * doc/cha-tokens.texi: mention enable-in in p11-kit config.
15716 2013-02-20 Jaak Ristioja <jaak.ristioja@cyber.ee>
15718 * lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
15719 functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
15720 compilation of certtool when PSK is disabled. These are rather generic functions by nature, so it would be
15721 reasonable to include them in GnuTLS even if PSK support is
15722 disabled. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
15724 2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15726 * lib/pkcs11.c: print info on reinitialization error.
15728 2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15730 * doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
15731 Suggested by Gabor Toth.
15733 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15735 * NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
15738 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15740 * lib/pkcs11.c: return proper error
15742 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15746 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15748 * src/serv.c: use set_int when needed
15750 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15752 * lib/ext/session_ticket.c, lib/gnutls_datum.c,
15753 lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
15754 lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
15755 gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
15757 2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15759 * lib/auth/rsa.c: better cleanup on error on export case
15761 2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15763 * lib/x509/x509.c: corrected parsing issue in XMPP data when in a
15764 subject alternative name
15766 2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15768 * doc/cha-tokens.texi, lib/gnutls_record.c,
15769 lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
15770 the PIN calling in TPM
15772 2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15774 * NEWS, doc/cha-gtls-app.texi,
15775 doc/examples/ex-cert-select-pkcs11.c,
15776 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
15777 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
15778 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
15779 doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
15780 doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
15781 doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
15782 lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
15783 lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
15784 functions to avoid ugly casting in simple programs.
15786 2013-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15788 * doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
15789 more explicit in DTLS examples to account for LARGE_PACKET error
15791 2013-02-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
15793 * lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use
15795 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15797 * NEWS: documented fix
15799 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15801 * lib/libgnutls.map: corrected export of functions
15803 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15805 * NEWS: documented fix
15807 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15809 * lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()
15811 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15813 * lib/x509/verify-high.c: reduced hash table size
15815 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15817 * lib/gnutls_pubkey.c: doc update
15819 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15821 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const
15823 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15825 * NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
15826 lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
15827 lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
15828 -> gnutls_handshake_set_random
15830 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15832 * lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms
15834 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15836 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
15837 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
15838 gnutls_handshake_set_server_random
15840 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15842 * lib/nettle/rnd.c: properly set close-on-exec.
15844 2013-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15846 * doc/examples/ex-serv-anon.c: avoid ptrdiff_t
15848 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15850 * NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
15851 a password to generate PKCS #12 files. That is when provided an encrypted key file. Reported by Yan Fiz.
15853 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15855 * lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS
15857 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15859 * tests/Makefile.am: removed duplicate
15861 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15863 * doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates
15865 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15867 * tests/Makefile.am: slow tests moved at the end of the suite
15869 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15871 * lib/gnutls_buffers.c: simplified cleaning-up in
15872 _gnutls_stream_read and _gnutls_dgram_read
15874 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15876 * lib/nettle/pk.c: corrected extract_digest_info
15878 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15880 * lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
15881 side the verify callback is always being called.
15883 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15885 * lib/gnutls_priority.c: further relaxed security levels
15887 2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
15889 * Makefile.am, configure.ac: Add option to disable generation of any
15890 documentation for GnuTLS.
15892 2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
15894 * Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am:
15895 Prevent libdane pkgconfig stuff from being installed if libdane
15896 support is disabled.
15898 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15900 * NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8
15902 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15904 * NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
15907 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15909 * lib/algorithms/secparams.c: reduced the very weak DH level to 768
15910 bits to not reject popular sites that operate on that level.
15912 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15914 * lib/auth/dh_common.c: added debugging message to indicate the
15917 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15919 * lib/gnutls_handshake.c: Do not call the certificate verification
15920 callback if certificates are ignored.
15922 2013-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15924 * lib/gnutls_record.c: avoid memset on the whole record header
15927 2013-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15929 * NEWS, lib/x509/privkey.c: fixed issue in
15930 gnutls_x509_privkey_import2()
15932 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15934 * doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
15935 lib/tpm.c: reference TPMURI
15937 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15939 * lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc
15941 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15943 * lib/nettle/pk.c: corrected typo
15945 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15947 * lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
15948 with arbitrary key sizes.
15950 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15952 * lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
15953 a magic number in front of session DB data.
15955 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15957 * lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.
15959 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15961 * NEWS, lib/gnutls_cipher.c: update
15963 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15965 * tests/cert-tests/ca-no-pathlen.pem: test update
15967 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15969 * doc/cha-functions.texi, doc/manpages/Makefile.am: update
15971 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15973 * doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c:
15976 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15980 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15982 * doc/invoke-gnutls-cli.texi: doc update
15984 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15986 * lib/gnutls_range.c: document limitation
15988 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
15990 * lib/gnutls_range.c: Make sure we don't fail if writing gets
15993 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15995 * tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
15998 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16000 * NEWS: documented fix
16002 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16004 * NEWS: postpone the change
16006 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16008 * COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.
16010 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16012 * tests/suite/mini-record-timing.c: updated test
16014 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16016 * lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
16017 timing attack in TLS CBC record parsing.
16019 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16023 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16025 * lib/gnutls_extensions.c, lib/gnutls_record.c: only register
16026 heartbeat if it is enabled.
16028 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16030 * COPYING.LESSER: license is again LGPLv2.1
16032 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16034 * configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
16035 m4/hooks.m4: updated heartbeat code, and made it optional.
16037 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16039 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo
16041 2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16043 * lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
16044 lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
16045 lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
16046 LGPLv2.1 in the files their authors agreed to.
16048 2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16050 * lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
16051 lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
16052 to specify trusted CA certificates.
16054 2013-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16056 * NEWS: added new func
16058 2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16060 * lib/gnutls_session_pack.c: corrected session resumption
16062 2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16064 * lib/gnutls_db.c: simplified DB storing
16066 2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16068 * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c:
16069 Applied disable SNI patch from Daniel.
16071 2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16073 * lib/gnutls_db.c: remove function is not required to add or
16076 2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16078 * lib/abstract_int.h, lib/accelerated/accelerated.c,
16079 lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
16080 lib/accelerated/x86/aes-gcm-padlock.c,
16081 lib/accelerated/x86/aes-gcm-x86.c,
16082 lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
16083 lib/accelerated/x86/hmac-padlock.c,
16084 lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
16085 lib/algorithms.h, lib/algorithms/cert_types.c,
16086 lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
16087 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
16088 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
16089 lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
16090 lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
16091 lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
16092 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
16093 lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h,
16094 lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
16095 lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
16096 lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
16097 lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
16098 lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h,
16099 lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
16100 lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
16101 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
16102 lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
16103 lib/ext/server_name.c, lib/ext/server_name.h,
16104 lib/ext/session_ticket.c, lib/ext/session_ticket.h,
16105 lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
16106 lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c,
16107 lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
16108 lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
16109 lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
16110 lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
16111 lib/gnutls_compress.h, lib/gnutls_constate.c,
16112 lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
16113 lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
16114 lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
16115 lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c,
16116 lib/gnutls_errors.h, lib/gnutls_extensions.c,
16117 lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
16118 lib/gnutls_handshake.c, lib/gnutls_handshake.h,
16119 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
16120 lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c,
16121 lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
16122 lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
16123 lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
16124 lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
16125 lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
16126 lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h,
16127 lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
16128 lib/gnutls_session.c, lib/gnutls_session_pack.c,
16129 lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
16130 lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
16131 lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h,
16132 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
16133 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
16134 lib/gnutls_x509.c, lib/gnutls_x509.h,
16135 lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
16136 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
16137 lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
16138 lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
16139 lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h,
16140 lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
16141 lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
16142 lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c,
16143 lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c,
16144 lib/nettle/ecc_projective_check_point.c,
16145 lib/nettle/ecc_projective_dbl_point_3.c,
16146 lib/nettle/ecc_projective_isneutral.c,
16147 lib/nettle/ecc_projective_negate_point.c,
16148 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
16149 lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h,
16150 lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
16151 lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c,
16152 lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
16153 lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
16154 lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h,
16155 lib/opencdk/misc.c, lib/opencdk/new-packet.c,
16156 lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
16157 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
16158 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
16159 lib/opencdk/stream.h, lib/opencdk/types.h,
16160 lib/opencdk/write-packet.c, lib/openpgp/compat.c,
16161 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
16162 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
16163 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
16164 lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h,
16165 lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c,
16166 lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
16167 lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h,
16168 lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
16169 lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
16170 lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c,
16171 lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
16172 lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
16173 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
16174 lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
16175 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h,
16176 lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1
16177 in the files their authors agreed to.
16179 2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16181 * lib/gnutls_db.c, lib/gnutls_session_pack.c,
16182 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
16183 gnutls_db_check_entry_time().
16185 2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16187 * lib/gnutls_db.c: deprecated problematic function
16189 2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16191 * NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c,
16192 lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9.
16194 2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16196 * lib/includes/gnutls/xssl.h: corrected typo
16198 2013-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16200 * lib/gnutls_record.c: uncork doesn't do anything when the session
16201 is already in flush mode
16203 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16205 * .gitignore, doc/.gitignore: more files to ignore
16207 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16209 * doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update
16211 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16213 * NEWS, configure.ac, m4/hooks.m4: bumped version
16215 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16217 * doc/latex/cover.tex: Added Alfredo
16219 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16221 * doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex:
16222 updated doc for XSSL
16224 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16226 * doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c,
16227 doc/examples/ex-client-xssl2.c: Added XSSL client examples.
16229 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16231 * lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed
16232 compilation of mini-xssl.
16234 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16236 * lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes
16238 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16240 * NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library
16242 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16244 * NEWS: updated text
16246 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16248 * doc/cha-gtls-app.texi: Comment out new padding until it is
16249 standardized or at least approved by the WG.
16251 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16253 * doc/Makefile.am, doc/doc.mk: fix xssl
16255 2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16257 * src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried
16258 connections to multiple hosts. gnutls-cli-debug was trying to connect to all possible IP addresses
16259 of the host and failed if any was unavailable. Now it tries
16260 sequentially and accepts the first that is working. Reported by
16261 Daniel Kahn Gillmor.
16263 2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16267 2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16269 * .gitignore, NEWS: updated NEWS
16271 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16273 * lib/crypto-api.c: Fix AEAD out-of-place decryption
16275 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16277 * tests/suite/mini-record-timing.c: updated test
16279 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16281 * NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c,
16282 lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
16283 lib/includes/gnutls/{sbuf.h => xssl.h}, lib/libgnutls.map,
16284 lib/{sbuf.c => xssl.c}, lib/{sbuf.h => xssl.h}, lib/{sbuf_getline.c
16285 => xssl_getline.c}, tests/Makefile.am, tests/mini-sbuf.c,
16286 tests/mini-xssl.c: Added new interface.
16288 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16290 * lib/gnutls_handshake.c: propagate the error of the verify
16293 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16295 * lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates
16298 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16300 * NEWS, lib/crypto-backend.h, lib/gnutls_state.c,
16301 lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c,
16302 lib/random.h: Added gnutls_rnd_refresh().
16304 2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16306 * lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h,
16307 lib/gnutls_ui.c: Keep the legacy dh_prime_bits.
16309 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16311 * lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c,
16312 lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface.
16314 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16316 * NEWS: updated news
16318 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16320 * NEWS, lib/nettle/rnd.c: No need to cache events with the current
16323 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16325 * lib/ext/heartbeat.c: use nonces instead of random data
16327 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16329 * tests/mini-sbuf.c: free all resources
16331 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16333 * lib/nettle/rnd.c: nonces update the internal rng state much
16336 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16338 * NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h,
16339 lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c,
16340 lib/includes/gnutls/gnutls.h.in: Instead of setting directly the
16341 number of DH bits, set a security parameter per session.
16343 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16345 * NEWS, lib/auth/dh_common.c, lib/gnutls_int.h,
16346 lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
16347 lib/gnutls_ui.c: The minimum DH prime bits are now set by the
16348 priority strings (that means they are increased for the SECURE
16351 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16353 * configure.ac: warnings doesn't imply Werror
16355 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16357 * doc/TODO: updated
16359 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16361 * lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id()
16364 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16366 * lib/nettle/rnd.c: optimized random generator.
16368 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16370 * configure.ac: check for getpid().
16372 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16374 * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
16375 lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c:
16376 _dtls_timespec_sub_ms -> timespec_sub_ms
16378 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16380 * lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls.
16382 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16384 * lib/nettle/rnd.c: reduced calls to getpid
16386 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16388 * lib/nettle/rnd.c: use the more precise gettime() instead of
16391 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16393 * lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in:
16394 gnutls_range_split accepts pointers as arguments.
16396 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
16398 * NEWS, doc/Makefile.am, lib/gnutls_range.c,
16399 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make
16400 gnutls_range_split available from the GnuTLS API
16402 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
16404 * .gitignore, NEWS, lib/libgnutls.map:
- Remove references to the (now renamed) gnutls_range_send_message
- Ignore sbuf-api generated documentation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16407 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16409 * lib/auth/psk.h: Some fix when disable-psk-authentication is
16410 specified. Based on patch by Jaak Ristioja.
16412 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16414 * lib/x509/x509_dn.c: rewritten DN parsing code.
16416 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16418 * tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem,
16419 tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test:
16420 test the DN functionality of certtool.
16422 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16424 * tests/cert-tests/dane: dane test no longer fails if danetool isn't
16427 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16429 * lib/system.c, lib/tpm.c, lib/x509/common.c,
16430 lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale
16431 dependent versions of isxxx functions.
16433 2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16435 * lib/sbuf.c: allow writes of more than the maximum record data.
16437 2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16439 * NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
16440 lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and
16443 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16445 * NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h,
16446 lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
16447 tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline().
16449 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16451 * NEWS, doc/invoke-gnutls-cli.texi: doc updates
16453 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16455 * lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c,
16456 lib/gnutls_record.h: Small changes and a sanity check
16458 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16460 * lib/x509/ocsp_output.c, lib/x509/output.c: print static strings
16461 without a printf-like function.
16463 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16465 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
16466 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
16467 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
16468 src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c,
16469 src/socket.h: Updated ranges patch.
16471 2013-01-22 Alfredo Pironti <alfredo@pironti.eu>
16473 * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
16474 doc/invoke-gnutls-cli.texi, lib/Makefile.am,
16475 lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
16476 lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c,
16477 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
16478 lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def,
16479 src/cli-args.h, src/cli.c, src/socket.c, src/socket.h,
16480 tests/mini-record.c: GnuTLS Length Hiding patch.
- Remove random padding; use minimal padding with legacy interface
- With new interface, use LH when possible, that is in CBC mode or with the new padding extension
- Rename priority to "NEW_PADDING"
- gnutls-cli: add command line switch --ranges using LH when possible.
- Update documentation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16484 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16486 * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
16487 lib/libgnutls.map: changed function name to
16488 gnutls_session_force_valid.
16490 2013-01-22 Martin Storsjo <martin@martin.st>
16492 * lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as
16493 well This is required when linking as static libraries on linux, for
16494 -lrt. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16496 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16498 * lib/gnutls_priority.c: set a default error position.
16500 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16502 * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
16503 lib/libgnutls.map: Added gnutls_session_clear_invalid
16505 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16507 * doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs
16510 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16512 * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
16513 lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added
16514 gnutls_record_set_timeout().
16516 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16518 * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
16519 lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer.
16521 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16523 * doc/invoke-certtool.texi: Updated doc
16525 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16527 * src/certtool-common.c: corrected C parameter generation.
16529 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16531 * configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated
16532 Libs.private with all the required libraries
16534 2013-01-21 Martin Storsjo <martin@martin.st>
16536 * lib/gnutls.pc.in: Include libiconv in Libs.private This makes static linking succeed if the library is configured to
16537 use libiconv. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16539 2013-01-21 Martin Storsjo <martin@martin.st>
16541 * lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex
16542 in gnutls_global.c instead of in verify-tofu.c This fixes issues with linking the tools on OS X if not building
16543 shared libraries. Currently, if building with --disable-shared on OS X, the build
16544 fails with: CCLD gnutls-serv Undefined symbols for architecture x86_64: "__gnutls_file_mutex", referenced from: _gnutls_global_deinit in libgnutls.a(gnutls_global.o) _gnutls_global_init in libgnutls.a(gnutls_global.o) ld:
16545 symbol(s) not found for architecture x86_64 It seems that the linker fails to pull in verify-tofu.o to satisfy
16546 the undefined reference to _gnutls_file_mutex.o in gnutls_global.o
16547 unless gnutls_global.o (or any other object file in the link) also
16548 calls functions that pull in verify-tofu.o. Since gnutls_global.o
16549 always is linked in, but verify-tofu.o can be left out unless
16550 someone calls the functions in it, defining the mutex in
16551 gnutls_global.c makes sense and simplifies the dependencies. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16553 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16555 * src/Makefile.am, src/certtool-args.c, src/certtool-args.def,
16556 src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
16557 src/certtool.c, src/dh.c: Added --cprint option to certtool
16559 2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16561 * doc/README.CODING_STYLE: updated coding style
16563 2013-01-20 Alon Bar-Lev <alon.barlev@gmail.com>
16565 * src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
16566 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16568 2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16570 * .gitignore, tests/suite/Makefile.am,
16571 tests/suite/mini-record-timing.c: Added program to estimate the
16572 timings in different record paddings.
16574 2013-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16576 * doc/invoke-danetool.texi, libdane/dane.c,
16577 libdane/includes/gnutls/dane.h, src/danetool-args.c,
16578 src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
16579 --insecure flag to danetool.
16581 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16583 * src/certtool.c, tests/cert-tests/template-test.pem,
16584 tests/cert-tests/template-utf8.pem: modified certtool order of DN
16587 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16589 * tests/mini-sbuf.c: properly deinitialized sbuf
16591 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16593 * tests/mini-dtls-record.c: initialize buffer before sending.
16595 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16597 * NEWS, tests/dn2.c: corrected test for new names and updated news.
16599 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16601 * NEWS, libdane/dane.c, libdane/errors.c,
16602 libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
16603 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
16604 src/danetool.c: Added options to specify a DLV file. Suggested by
16607 2013-01-17 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>
16609 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
16610 lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn().
16612 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16614 * doc/invoke-certtool.texi: updated certtool doc
16616 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16618 * NEWS, doc/TODO, doc/cha-cert-auth2.texi,
16619 lib/includes/gnutls/x509.h, lib/libgnutls.map,
16620 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
16621 lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def,
16622 src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h,
16623 src/certtool.c: Added functions to directly set the DN in a
16624 certificate or request from an RFC4514 string.
16626 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16628 * .gitignore: more files to ignore
16630 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16632 * NEWS, doc/cha-gtls-app.texi, lib/Makefile.am,
16633 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c,
16634 tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist
16635 buffering during transmission. Added the gnutls_sbuf_t structure and accompanying functions to
16636 enable buffering in sending application data.
16638 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16640 * libdane/dane-params.c: corrected copyright.
16642 2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16644 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
16645 lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR.
16647 2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16649 * lib/nettle/egd.c: Corrected issue when an EGD device was not
16650 found. Reported by Joshua Phillips.
16652 2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16654 * cfg.mk: Added config rule
16656 2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16658 * doc/examples/ex-client-x509.c: doc fix
16660 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16662 * lib/x509/pkcs12.c: doc fix
16664 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16666 * lib/pkcs11.c: small updates
16668 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16670 * doc/reference/gnutls-docs.sgml: update
16672 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16674 * lib/x509/crq.c: simplified naming
16676 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16678 * doc/reference/gnutls-docs.sgml: update
16680 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16682 * lib/ext/status_request.c, lib/gnutls_dh_primes.c,
16683 lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
16684 lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
16685 lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since
16687 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16689 * doc/latex/gnutls.tex: added babel (not sure why)
16691 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16693 * doc/reference/gnutls-docs.sgml: updated for 3.1
16695 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16697 * lib/nettle/pk.c: corrected error code
16699 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16701 * cross.mk: updated makefile
16703 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16705 * configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist
16707 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16709 * NEWS: documented updates
16711 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16713 * lib/gnutls_record.c: corrected typo
16715 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16717 * lib/libgnutls.map: updated exported function name
16719 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16723 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16725 * doc/cha-gtls-app.texi, lib/ext/new_record_padding.c,
16726 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
16727 tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed
16730 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16732 * lib/gnutls_cipher.c: corrected compression.
16734 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16736 * lib/includes/gnutls/x509.h: removed utf8 chars
16738 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16740 * doc/latex/gnutls.tex: updates in output
16742 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16744 * tests/mini-record.c: Added checks for new record padding format.
16746 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16748 * lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new
16751 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16753 * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use
16754 padding also if in DTLS.
16756 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16758 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
16759 some simplifications
16761 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16763 * lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu
16766 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16768 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
16769 simplified decryption
16771 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16773 * lib/ext/new_record_padding.c: removed debugging
16775 2012-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16777 * lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
16778 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
16779 lib/gnutls_cipher.c, lib/gnutls_extensions.c,
16780 lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
16781 lib/gnutls_priority.c, lib/gnutls_record.c,
16782 lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in,
16783 lib/libgnutls.map: Added a new record padding mechanism. It is negotiated via an extension and record data are now formatted
16784 as: ciphered-struct { opaque pad<0..2^16-1> opaque content[TLSCompressed.length]; opaque MAC[CipherSpec.hash_size]; } The ciphered-struct size is
16785 always 0 modulo the block size in block ciphers to avoid any need
16786 for additional padding. Added extension to negotiate new record padding.
16788 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16790 * .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added
16791 test for duplicate packet detection in DTLS.
16793 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16795 * lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding
16796 window implementation.
16798 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16800 * lib/gnutls_record.c: Termination when expecting an alert is
16801 handled gracefully in DTLS.
16803 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16805 * NEWS: living in the past
16807 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16809 * NEWS, m4/hooks.m4: bumped library version
16811 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16813 * NEWS: updated news
16815 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16817 * doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am,
16818 lib/tpm.c: If trousers is not present define the TPM functions but
16819 have them return GNUTLS_E_UNIMPLEMENTED_FEATURE.
16821 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16823 * configure.ac: tpm support is disabled by default
16825 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16827 * doc/TODO: updated
16829 2013-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16831 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16832 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16833 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16834 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16835 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
16836 doc/manpages/tpmtool.1: updated autogen'ed files.
16838 2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16840 * doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am,
16841 doc/latex/gnutls.tex: doc updates
16843 2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16845 * libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff
16846 is LGPL version 2.1 or later
16848 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16850 * THANKS: updated thanks file
16852 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16854 * README-alpha: updated git2cl link
16856 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16858 * doc/cha-auth.texi: corrected typos
16860 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16862 * doc/cha-auth.texi: updated in auth chapter
16864 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16866 * doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
16867 doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
16868 doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16869 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16870 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16871 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16872 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of
16873 the authentication chapter.
16875 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16877 * doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods
16880 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16882 * doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
16883 doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
16884 doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
16885 doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
16886 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
16887 doc/examples/ex-serv-x509.c: better code in client and server
16890 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16892 * NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding
16893 stricter. Reported by Kikuchi Masashi.
16895 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16897 * lib/gnutls_record.c: corrected typo
16899 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16901 * lib/gnutls_record.c: Termination when expecting an alert is
16902 handled gracefully in DTLS.
16904 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16906 * NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling.
16908 2012-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16910 * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
16911 doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
16912 doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop
16913 unnecessary function in examples
16915 2012-12-20 Martin Storsjo <martin@martin.st>
16917 * lib/ext/srtp.c: Don't match further SRTP profiles after one match
16918 has been found This makes SRTP profile matching more straightforward and intuitive,
16919 when the first matching SRTP profile will be the one selected, not
16920 the last one as before. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16922 2012-12-20 Martin Storsjo <martin@martin.st>
16924 * lib/crypto-api.c: Fix the parameter name to gnutls_key_generate Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16926 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16930 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16932 * tests/suite/testcompat: corrected datefudge test
16934 2012-12-18 Martin Storsjo <martin@martin.st>
16936 * lib/system_override.c: Fix docs for
16937 gnutls_transport_set_pull_timeout_function The timeout function returns int, not ssize_t. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
16939 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16941 * lib/x509/x509_write.c: doc update
16943 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16945 * configure.ac: bumped version
16947 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16949 * tests/suite/mini-eagain2.c: added config.h
16951 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16953 * configure.ac: corrected wording
16955 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16957 * build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c,
16958 gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4,
16959 gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4,
16960 gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4,
16961 gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4,
16962 gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4,
16963 gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
16964 gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h,
16965 gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
16966 gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c,
16967 gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h,
16968 gl/vasnprintf.c, maint.mk: updated gnulib
16970 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16972 * tests/suite/Makefile.am: corrected test
16974 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16976 * doc/invoke-certtool.texi, src/certtool-args.c,
16977 src/certtool-args.def, src/certtool-args.h: certtool
16978 --generate-request option conflicts with --infile. Suggested by
16981 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16985 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16987 * doc/Makefile.am, doc/invoke-danetool.texi,
16988 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16989 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16990 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
16991 doc/invoke-tpmtool.texi, doc/manpages/Makefile.am,
16992 doc/manpages/tpmtool.1: use ECHO_N
16994 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16996 * tests/suite/Makefile.am: do not build ecore in macosx
16998 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17000 * README, README-alpha: updated urls
17002 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17004 * doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex,
17005 lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c,
17006 tests/pkcs12_simple.c: corrected copyright notices
17008 2012-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17010 * doc/invoke-certtool.texi, src/certtool-args.c,
17011 src/certtool-args.def, src/certtool-args.h: updated documentation.
17013 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17015 * lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL
17018 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17020 * lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in
17021 gnutls_x509_crq_get_challenge_password
17023 2012-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17025 * lib/x509/crq.c: doc update
17027 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17029 * doc/invoke-p11tool.texi, src/p11tool-args.c,
17030 src/p11tool-args.def, src/p11tool-args.h: updated documentation
17032 2012-12-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17034 * lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
17035 tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys
17037 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17039 * NEWS: document fix
17041 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17043 * lib/gnutls_cipher.c: Corrected bugs in record parsing. Corrected bugs in record padding parsing. Reported by Kenny
17044 Patterson and Nadhem Alfardan.
17046 2012-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17048 * NEWS: documented fixes
17050 2012-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17052 * lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright
17054 2012-12-01 Ludovic Courtès <ludo@gnu.org>
17056 * guile/src/Makefile.am: guile: Fix dependencies to be
17059 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17061 * doc/cha-cert-auth.texi: Revert "do not document low-level
17062 functions" This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363.
17064 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17066 * README: mention dependencies in readme
17068 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17070 * cfg.mk: update @VERSION@ -> actual version on the web manual
17072 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17074 * doc/cha-cert-auth.texi: doc update
17076 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17078 * cfg.mk: simplified generation of documentation
17080 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17082 * doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name
17084 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17086 * doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates
17088 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17090 * src/socket.c: corrected socket loop. Based on patch by Mantas
17093 2012-11-26 Simon Josefsson <simon@josefsson.org>
17095 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
17096 lib/minitasn1/element.c, lib/minitasn1/int.h,
17097 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
17098 lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update
17099 minitasn1 to version 3.1.
17101 2012-11-26 Simon Josefsson <simon@josefsson.org>
17103 * .gitignore, build-aux/snippet/unused-parameter.h,
17104 doc/gendocs_template, maint.mk: Update gnulib tools. Add missing
17105 unused-parameter.h template.
17107 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17111 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17113 * src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h:
17114 gnutls-cli will try to connect to all possible returned addresses.
17116 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17118 * doc/TODO: updated todo list
17120 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17122 * NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a
17123 list of zero policy qualifiers.
17125 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17127 * src/libopts/usage.c: Added hack to print the parameters correctly
17130 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17132 * lib/x509/x509.c: updated
17134 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17136 * tests/cert-tests/template-test: repeat the tests to avoid
17137 accidental failures
17139 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17141 * lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514
17144 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17146 * lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types.
17148 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17150 * lib/x509/common.c: UniversalString (UTF-32) is handled as
17151 non-printable for now.
17153 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17155 * doc/TODO: updated todo list
17157 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17159 * lib/x509/common.c: Allow for bit strings that are not a multiple
17162 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17164 * NEWS, cross.mk: updated
17166 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17168 * m4/hooks.m4: require libtasn1 3.1 or later
17170 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17172 * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c,
17173 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
17174 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
17175 lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
17176 lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c,
17177 lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c,
17178 tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems
17179 to use the new libtasn1 APIs.
17181 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17183 * NEWS: released 3.1.5
17185 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17187 * .gitignore: more files to ignore
17189 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17191 * lib/x509/common.c: corrected placeOfBirth DN parsing.
17193 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17195 * lib/gnutls_global.c: no need to release struct
17197 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17199 * doc/cha-cert-auth.texi: do not document low-level functions
17201 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17203 * lib/nettle/ecc_mulmod_cached.c: set cache to null after
17206 2012-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17208 * tests/cert-tests/template-test: fixed test
17210 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17212 * .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
17213 gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
17214 gl/iconv_open-aix.gperf, gl/iconv_open-aix.h,
17215 gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h,
17216 gl/iconv_open-irix.gperf, gl/iconv_open-irix.h,
17217 gl/iconv_open-osf.gperf, gl/iconv_open-osf.h,
17218 gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h,
17219 gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
17220 gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4,
17221 gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
17222 gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
17223 gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4,
17224 gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c,
17225 gl/tests/localename.h, gl/tests/setlocale.c,
17226 gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
17227 gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
17228 gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
17229 gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
17230 gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
17231 gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
17232 gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
17233 gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
17234 gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the
17235 UCS2->UTF8 conversion in systems where it is not provided.
17237 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17239 * lib/pkix_asn1_tab.c: use the old type for compatibility
17241 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17243 * lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated
17246 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17248 * configure.ac, m4/hooks.m4: bumped version
17250 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17252 * lib/system.c: simplified UTF-8 encoding.
17254 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17256 * NEWS, doc/invoke-danetool.texi, src/Makefile.am,
17257 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
17258 src/danetool.c: danetool is being built even without libgnutls-dane. The --check functionality is not operational though. It can only
17259 generate tlsa records.
17261 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17263 * tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
17264 tests/cert-tests/template-utf8.pem,
17265 tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate
17268 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17270 * lib/x509/dn.c: removed redundant check
17272 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17274 * NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
17275 src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated
17278 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17280 * lib/x509/x509.c: update
17282 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17284 * doc/cha-cert-auth.texi, lib/x509/x509.c: doc update
17286 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17288 * doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c,
17289 lib/x509/x509.c, lib/x509/x509_write.c: doc update
17291 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17293 * lib/x509/x509_write.c: enforce the 200 character limit.
17295 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17297 * NEWS, lib/system.c: improved iconv support.
17299 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17301 * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
17302 tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem,
17303 tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen:
17304 updated for new output
17306 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17308 * NEWS: news update
17310 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17312 * NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
17313 doc/invoke-certtool.texi, doc/manpages/Makefile.am,
17314 lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
17315 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
17316 lib/x509/output.c, src/certtool-args.c, src/certtool-args.def,
17317 src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
17318 src/certtool.c, src/tpmtool.c: Several updates in certificate/public
17319 key printing. * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an
17320 easier to parse format. * Added gnutls_pubkey_import_x509_crq() to convert a certificate
17321 request to a public key. * Added gnutls_pubkey_print() to simplify public key printing. * certtool's pubkey-info can be combined with --load-request. * Added --numbers option to certtool which prints big numbers in an
17322 easier to parse format.
17324 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17326 * build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/{tests =>
17327 }/dup2.c, gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4,
17328 gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4,
17329 gl/select.c, gl/stdlib.in.h, gl/strerror-override.c,
17330 gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/fcntl.in.h,
17331 gl/tests/test-fcntl-h.c, gl/tests/test-iconv.c,
17332 gl/tests/test-select.h, lib/system.c, m4/hooks.m4, maint.mk: use
17333 gnulib to detect iconv.
17335 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17337 * NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for
17338 either iconv or libiconv.
17340 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17342 * src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
17343 src/certtool-cfg.c: simplified parsing
17345 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17347 * lib/x509/output.c: print header only on the first policy
17349 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17351 * NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
17352 src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c,
17353 src/certtool-cfg.h, src/certtool.c: certtool is able to set
17354 certificate policies via a template
17356 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17358 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
17359 lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c,
17360 lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy()
17362 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17364 * lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
17365 lib/x509/x509.c: doc update
17367 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
17369 * NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
17370 lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c:
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected win32 UCS2 conversion.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c,
lib/x509/x509.c: simplified naming
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: mention the extension OID
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem,
tests/cert-tests/pem-decoding: Added simple check for bmpstring
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested)
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as
non-printable (fallback to previous behavior).
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: doc update
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for iconv
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c, lib/x509/common.c: map the whole ascii set
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Handle BMPString in DNs.
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c,
lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse
the certificate policies extension. Added gnutls_x509_crt_get_policy() etc. In addition, several updates
in the handling of strings in X.509 structures.
2012-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi,
doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: Added small text
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* doc/examples/Makefile.am: print-ciphersuites was a very useful tool
for debugging this. Now it is even built. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_priority.c: Don't read past the last list entry in
_add_priority, doing so adds algorithms that shouldn't be added and
can even lead to a segfault. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: tried to beautify output of danetool
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected description.
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: corrected typo
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: optimizations in list import
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: When listing all objects of a type, restrict their
class to the specified.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Added some help on failure.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
pkcs11_find_object made static.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits()
does not always warn.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when
generating a PKCS #11 private key print the public key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: The
pubkey-info option can be combined with the load-privkey to extract
the public key of a private key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c,
doc/examples/verify.c: corrected verification examples
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: removed OCSP extension from TODO
2012-11-09 Diego Elio Pettenò <flameeyes@flameeyes.eu>
* tests/cert-tests/Makefile.am: build: only run the dane cert test
if dane is enabled. This fixes a test failure when disabling dane support. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am,
tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem,
tests/cert-tests/dane: last changes for release.
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, src/common.c: updated
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: Corrected indication of OCSP check failure.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The
status-request option was eliminated. Check OCSP only when the
status response in the handshake was invalid.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, NEWS: Added Martin
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: updated
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove
@cindex from the invoke-* files.
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/latex/gnutls.bib: doc updates
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: doc update
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/mac.c,
lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow
easier marking of insecure algorithms.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: removed debugging
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in: Removed
GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli-debug uses server name indication.
Copyright (C) 2005-2012 Free Software Foundation, Inc.
Copying and distribution of this file, with or without
modification, are permitted provided the copyright notice
and this notice are preserved.