2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/pathlen,
tests/cert-tests/pem-decoding, tests/suite/crl-test,
tests/suite/invalid-cert, tests/suite/testcompat-main,
tests/suite/testrandom: tests: better replacement of LIBTOOL
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: ship certs/
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: gnutls-serv: removed the
--print-cert option; the cert was anyway being printed.
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: corrected typo
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: minitasn1: updated to version 4.0
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: updated documentation
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: Warn when no --outfile has been specified
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
structure generation and decoding.
2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: certtool: allow specifying
the friendly name on the command line and use the
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: warn in more operations if --login is not
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: No longer assume a default URL for
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/common.c: p11tool: Do not allow a newline as PIN.
2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: avoid calling _gnutls_bin2hex() when length
2014-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* THANKS: updated thanks file
2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README: clarified license text
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: Do not try to load the system CA trust if
--insecure is specified.
2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_srp.c: doc: more consistent use of pointer star.
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
for the SRP server callback Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Attila Molnar <attilamolnar@hush.com>
* doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates
in both the SRP and the X.509 server example Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
the same on resumed sessions.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-chainverify.c: Test the return code of
gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
token. Check whether the return code of
gnutls_x509_trust_list_add_trust_file() is non-zero when
certificates are present.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
returns the number of certificates present when loading a PKCS #11
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: Allow marking a certificate as a CA.
2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA
2014-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/README.CODING_STYLE: coding style: update the DCO text
2014-06-15 Attila Molnar <attilamolnar@hush.com>
* lib/gnutls_state.c: doc: Corrections for
gnutls_handshake_set_hook_function()
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: updated text for the ALPN
experimental protocols
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
are duplicated in the section index.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/eagain-common.h,
tests/mini-x509-callbacks-intr.c: tests: Added check for the
interrupted post client hello.
2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/gnutls_v2_compat.c: handshake: Allow the post client hello
callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or
GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
and can be resumed when needed.
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-tls.c: use the new API for receiving data
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/anonself.c: Adapted test to check
gnutls_record_recv_packet().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(),
i.e., a variant that eliminates the data memcpy().
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tests.c: gnutls-cli-debug: Use proper HTTP request
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: When decoding of a DN string fails, treat it as
unknown string and print its hex value.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: Print errors but avoid being verbose on
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: avoid sizeof() on lbuffer
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c: certtool: ensure that allocated buffer has
a minimum size of 64kb.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: Added option
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: initialize iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crl.c: corrected the allocation size for CRL iterator.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/crl-test,
tests/suite/crl/long.pem: Added test for CRL decoding.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
thread-safe by making the iterator explicit.
2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/suite/Makefile.am, tests/suite/invalid-cert,
tests/suite/testcompat-main, tests/suite/testrandom: Pass the
LIBTOOL variable into test scripts That allows using the detected libtool in scripts. That corrects an
issue on OS X systems that ship a different libtool. Reported by
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
gnutls_x509_crl_get_crt_serial2(), a faster variant of
gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL
structures with lots of entries (e.g., 50000+ entries).
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/danetool.c: certtool: When an external file is used increase out
maximum buffer accordingly.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: Abort printing on error.
2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: tie the weak DH warning to the very weak security
2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
http://savannah.gnu.org/support/?108592
2014-06-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
2014-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: more files to ignore
2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
lib/accelerated/x86/coff/aesni-x86.s,
lib/accelerated/x86/coff/aesni-x86_64.s,
lib/accelerated/x86/coff/e_padlock-x86.s,
lib/accelerated/x86/coff/e_padlock-x86_64.s,
lib/accelerated/x86/coff/ghash-x86_64.s,
lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
lib/accelerated/x86/coff/sha256-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86.s,
lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
lib/accelerated/x86/elf/aes-ssse3-x86.s,
lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
lib/accelerated/x86/elf/aesni-x86.s,
lib/accelerated/x86/elf/aesni-x86_64.s,
lib/accelerated/x86/elf/e_padlock-x86.s,
lib/accelerated/x86/elf/e_padlock-x86_64.s,
lib/accelerated/x86/elf/ghash-x86_64.s,
lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
lib/accelerated/x86/elf/sha256-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86.s,
lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aes-ssse3-x86.s,
lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
lib/accelerated/x86/macosx/aesni-x86.s,
lib/accelerated/x86/macosx/aesni-x86_64.s,
lib/accelerated/x86/macosx/e_padlock-x86.s,
lib/accelerated/x86/macosx/e_padlock-x86_64.s,
lib/accelerated/x86/macosx/ghash-x86_64.s,
lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated windows makefile
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
files for gnutls_credentials_get()
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/long-session-id.c: Added test for memory
corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/gstr.h,
lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
lib/minitasn1/parser_aux.h: updated libtasn1
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: avoid cleanup when there are no allocations in
_gnutls_x509_der_encode().
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ecc.c: cleanup resources on
_gnutls_ecc_ansi_x963_export() failure.
2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added the --print-cert option to
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-extras.c: certtool: correct size calculation when
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: re-indented messy table.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: Removed unused function.
2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: document the symbol version bump needed in a .so
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Prevent memory corruption due to server
hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only try to copy session ID if there is a
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-29 Kurt Roeckx <kurt@roeckx.be>
* lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: increased the maximum certificate size buffer in the
2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/system.c: re-enabled config path discovery code, and check the
return code of getpwuid_r(). Reported by Viktor Dukhovni.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library.
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/accelerated.c: removed old check for nettle
2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/safe-memset.c: safe_memset: allow memset of zero bytes.
2014-05-27 Hani Benhabiles <kroosec@gmail.com>
* lib/x509/verify-high.c: Fix unused variable warning without
PKCS#11 support. Signed-off-by: Hani Benhabiles <hani@linux.com>
2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
reported by Matt McCutchen.
2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c, lib/gnutls_handshake.c:
_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: Allow wildcard comparison of options.
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: Warn when invalid configuration
options are set into a template.
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Do not allow null strings to be read from ASN.1
structures. This corrects a null pointer dereference when parsing some specially
crafted certificates. Issue discovered using the Codenomicon TLS
2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: removed redundant null termination
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
prefix from static functions.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
times when performing ticket resumption.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: doc update
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
zero if data is NULL and memory buffer size is not sufficient.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
When assigning the TLS version, double check that it is valid.
2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
2014-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Added aliases for unit and organization.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: use a signed value for bits.
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-cfg.c: certtool: allow multiple organizations and
organizational unit names to be specified in a template.
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: increased the number of allowed elements in
2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: simplify break_comma_list().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/x509.c: more sanity checks on
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def:
tools: Replace normal sec-param with medium in documentation.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
print the bug reports line from autogen.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: do not yet export gnutls_memset().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-15 Michał Górny <mgorny@gentoo.org>
* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
subdirectory of the current working directory. When an out-of-source
build is performed, the files reside in a subdirectory of source
directory instead. Set PKCS12PATH to that directory in order to fix
the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dsa/testdsa: changed port of DSA test
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
correct signature size rather than the max.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: Print the openpgp DN only when
gnutls_openpgp_crt_get_name() failed appropriately.
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: initialize string in
gnutls_x509_ext_import_basic_constraints().
2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected error checking in
gnutls_x509_crt_get_extension_data()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: Allow null list_size argument in
gnutls_certificate_get_peers()
2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: certificate verification is performed asynchronously.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/danetool-args.def: enhanced the danetool usage instructions.
2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def: Do not use autogen's file option for input
parameters. Instead use a string. We check the file for validity and autogen's
check was imposing rules such as normal file (as opposed to a
device), that were not needed.
2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: check for null prior to checking
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/pk.c: Eliminated memory leak on failed curve
assignment. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
only check the end certificate.
2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* libdane/dane.c: doc update
2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
gnutls_set_default_priority() in examples.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
prototypes for dane_verify_crt_raw2().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
lib/safe-memset.c: export gnutls_memset().
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h,
libdane/libdane.map: Added dane_verify_crt_raw2() which allows
verifying against the certificate name.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Improved dane_verify_session_crt(), which now
attempts to create a full chain. This addresses points from
https://savannah.gnu.org/support/index.php?108552
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
lib/gnutls_x509.c: removed legacy code.
2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_credentials_get().
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv-args.def, src/serv.c: Added gnutls-serv option
--verify-client-cert. That option allows forcing verification of the provided certificate
even if it is not required to present one. In that case the
connection will be closed with a fatal alert.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c: Addressed memory leak in status request
extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated cross compilation Makefile.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated documentation on library
initialization to reflect the changes in 3.3.0.
2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/locks.c: re-enabled gnutls_global_set_mutex().
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: Do not run autogen twice to generate the header
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am: Ship suppressions.valgrind
2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2014-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c, lib/gnutls_int.h: Ensure that there are no
remainders in the TLS handshake packets. The issue was discovered using the Codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default.
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: fixed typo
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
lib/includes/gnutls/x509.h, lib/priority_options.gperf,
lib/x509/verify.c: Added the 'very weak' certificate verification
profile. This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).
2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc update
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/cert-ecc.pem,
doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem,
doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
not widely supported.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/credentials/x509/clicert-ecdsa.pem,
doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the Codenomicon TLS suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srp.c: initialize to null the SRP extension data on
allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testrng: Modified the testrng for Debian's dieharder.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using Codenomicon TLS test suite.
2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Added a timeout to close inactive sessions.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Send the appropriate alert when a certificate is
required but not present.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: use __sun definition to detect solaris.
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: Cleaned up server process. This eliminates an infinite loop triggered by unexpected client
2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: Added support for constructors and
destructors in solaris CC.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Updated dieharder tests.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README-alpha: doc update
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/cipher-test.c: include header for self-test functions
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testrng: Allow testrng test to run with older versions
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
casting to mpz_t using __mpz_struct.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c: updated included libtasn1.
2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: Do not return from void functions. Reported by
2014-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: removed return from void function.
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/rng.c, tests/suite/testrng: updated prng test
2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
tests/suite/testrng: Test the random generators in gnutls using the
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/pkcs11-get-issuer.c: use different db file for
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: doc update
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
test to verify whether gnutls_x509_trust_list_get_issuer() operates
correctly under PKCS #11 trust list.
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/x509.h, lib/x509/verify-high.c:
gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1018 * lib/pkcs11_write.c: initialize the size value
1020 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1022 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c:
1023 Include the correct header for the self tests functions
1025 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1029 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1031 * lib/ext/safe_renegotiation.c: removed redundant code. Reported by
1034 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1036 * libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
1038 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1040 * libdane/dane.c: rearranged code
1042 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1044 * src/cli.c: only fail DANE verification if status is non-zero
1046 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1048 * libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
1049 certificate using DANE if there is at least one entry that matches
1050 the certificate. This corrects the previous behavior that was rejecting the
1051 certificate if there were multiple entries and one couldn't be
1052 validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
1053 DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
1055 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1059 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1061 * lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
1062 if the call to gnutls_global_init() failed.
1064 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1066 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
1067 initialization of random generator. Reported by Martin Kletzander.
1069 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1071 * lib/nettle/rnd.c: Revert "Avoid dual initialization of random
1072 generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
1074 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1076 * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
1077 lib/accelerated/x86/aes-cbc-x86-aesni.c,
1078 lib/accelerated/x86/aes-cbc-x86-ssse3.c,
1079 lib/accelerated/x86/aes-gcm-padlock.c,
1080 lib/accelerated/x86/aes-gcm-x86-aesni.c,
1081 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
1082 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
1083 lib/accelerated/x86/aes-padlock.c,
1084 lib/accelerated/x86/sha-padlock.c,
1085 lib/accelerated/x86/sha-x86-ssse3.c,
1086 lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
1087 lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
1088 avoid clashes with system headers.
1090 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1094 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1096 * lib/nettle/rnd.c: Avoid dual initialization of random generator.
1097 Reported by Martin Kletzander.
1099 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
1101 * lib/fips.c: Test for the existence of the /etc/system-fips file. We don't read it, the existence of the file is enough to say in what
1102 mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1104 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
1106 * lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1108 2014-04-19 Andreas Metzler <ametzler@bebt.de>
1110 * lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
1112 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1114 * lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
1115 suggestion by Shawn (sth0r2046 [at] gmail.com).
1117 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1119 * lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
1120 (sth0r2046 [at] gmail.com).
1122 2014-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1124 * src/certtool.c: Allow exporting a CRL in DER format.
1126 2014-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1128 * AUTHORS, THANKS: cleaned up authors and thanks file.
1130 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1132 * tests/suite/Makefile.am, tests/suite/invalid-cert,
1133 tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
1134 tests/suite/testrandom: More script tests run under valgrind
1136 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1138 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
1139 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
1140 tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.
1142 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1144 * lib/x509/x509.c: Treat othername as printable (i.e., null
1145 terminate it), as the XMPP printing code assumes that.
1147 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1149 * lib/x509/output.c: cleanups in output
1151 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1153 * guile/src/core.c: do not override gnutls' allocation functions. That was not being done using the API, and overriding them is no
1154 longer possible in 3.3.x.
1156 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1158 * NEWS: released 3.3.1
1160 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1162 * tests/suite/testpkcs11: changed port to allow parallelization
1164 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1166 * lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
1167 longer part of the API (though it remains in the ABI).
1169 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1171 * lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
1172 gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any
1175 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1177 * lib/Makefile.am: removed file from Makefile that doesn't exist
1179 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1181 * src/cli.c: gnutls-cli will no longer allow the session to proceed
1182 if DANE verification fails.
1184 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1188 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1190 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
1191 tests/cert-tests/xmpp-othername.pem: Added test certificate with
1192 multiple XMPP othername SAN fields.
1194 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1196 * lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
1197 lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid()
1198 functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().
1200 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1202 * lib/x509/x509_ext.c: always initialize size values
1204 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1206 * lib/x509/common.c: copy_string() and copy_data() are more
1207 resilient on null input
1209 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1211 * tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a
1212 sign/verify request that may take longer in some systems. Based on
1213 patch by Andreas Metzler.
1215 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1219 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1221 * lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a
1222 certificate that contained an OtherName. Reported and investigated
1223 by Kirill A. Shutemov.
1225 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1227 * lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
1228 the already unused secure alloc functions.
1230 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1232 * lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
1233 lib/safe-memset.c: Use a harder to optimize out memset().
1235 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1239 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1243 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1247 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1249 * lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.
1251 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1253 * tests/pskself.c: include hint into psk test.
1255 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1257 * lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
1259 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1261 * tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
1263 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1265 * lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
1267 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1269 * lib/gnutls_psk.c: eliminated the leak of hint when deallocating
1272 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1274 * lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
1275 replacing of auth info based on the provided credentials type. This avoids issues with discrepancies in server and client mode.
1277 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1279 * lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
1280 lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
1281 lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
1282 lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
1283 lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
1284 lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.
1286 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1288 * src/cli-args.def, src/cli.c: Both DANE and PKI verification are
1289 advisory when --tofu is being used.
1291 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1295 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1297 * lib/gnutls_buffers.c: When checking for data to be received use
1298 the 'transport_recv_ptr'. This affects cases where there are different send and recv pointers.
1299 Reported and investigated by JMRecio.
1301 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1303 * src/cli-args.def: doc update
1305 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1307 * src/cli.c: documentation update.
1309 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1311 * src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
1312 verification methods.
1314 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1316 * src/cli-args.def: Updated TOFU documentation. Suggested by Jens
1319 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1321 * src/p11tool.c: added newlines to p11tool error messages
1323 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1327 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1329 * lib/fips.c: corrected uninitialized value
1331 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1333 * doc/Makefile.am: removed conditionally exported functions.
1335 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1337 * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
1338 lib/includes/gnutls/self-test.h: Added self check functions to
1341 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1343 * configure.ac, m4/hooks.m4: bumped versions
1345 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1347 * tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
1348 tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
1349 issues in the future
1351 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1353 * tests/chainverify.c: increased the space available for
1354 certificates. That avoids a crash in sparc64; reported by Andreas Metzler.
1356 2014-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1358 * lib/x509/verify-high.c: doc update
1360 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1362 * src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.
1364 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1366 * src/Makefile.am: use the same cflags for included programs as with
1369 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1371 * libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
1374 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1376 * lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
1377 lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
1378 lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
1379 lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
1380 lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
1381 lib/verify-tofu.c: several bug fixes due to coverity.
1383 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1385 * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
1386 lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
1387 fixes due to coverity.
1389 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1391 * lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
1392 lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
1393 lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
1394 reported from coverity in opencdk.
1396 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1398 * lib/gnutls_buffers.c: correctly check for message upper limit.
1400 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
1402 * lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
1403 only CRLs in gnutls_x509_trust_list_add_trust_file().
1405 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
1407 * doc/cha-gtls-app.texi: doc update
1409 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
1411 * src/cli-args.def: Added the PFS priority string.
1413 2014-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1415 * NEWS: corrected Peter's name!
1417 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1421 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1423 * tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
1424 tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
1425 tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.
1427 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1429 * lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
1430 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
1431 #8 files with ECC parameters from openssl. These files do not contain the curve information with the private
1432 key (ECPrivateKey), but they rather contain it in the
1433 privateKeyAlgorithm.
1435 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1437 * lib/ext/heartbeat.c: More strict checking of heartbeat padding
1438 size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggested
1439 by Peter Williams; initially investigated by Frank Li.
1441 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1443 * lib/gnutls_mem.h: unconditionally zeroize temporal keys.
1445 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1447 * cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.
1449 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1451 * tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
1454 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1456 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
1457 the FIPS140-specific functions into the main documentation.
1459 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1461 * tests/key-tests/Makefile.am: Added missing file
1463 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1465 * NEWS: updated documentation
1467 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1469 * lib/libgnutls.map, symbols.last: updated exported symbols table.
1471 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1475 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1477 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
1478 lib/libgnutls.map: mark functions that are only available under
1481 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1483 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
1484 auto-generated files.
1486 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1488 * lib/x509/rfc2818_hostname.c: doc update
1490 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1492 * lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match(). This function now performs a sign/verify test to check whether the
1493 public and private keys match.
1495 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1497 * lib/gnutls_pubkey.c: doc update
1499 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1501 * cross.mk: update gmplib location
1503 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1505 * lib/Makefile.am: removed double entry
1507 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1509 * tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
1512 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1514 * .gitignore: more files to ignore
1516 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1518 * lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
1519 include this gnulib module.
1521 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1523 * tests/suite/Makefile.am: do not build ecore when cross-compiling
1526 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1528 * src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
1529 src/gl/m4/gnulib-comp.m4: Added bind gnulib module.
1531 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1533 * src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
1534 src/gl/m4/gnulib-comp.m4: Added connect gnulib module.
1536 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1538 * gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
1539 gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
1540 gl/tests/Makefile.am, gl/tests/test-getdelim.c,
1541 gl/tests/test-getline.c: Added getline() in gnulib.
1543 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1545 * configure.ac: corrected configure test for pthread_mutex_lock
1547 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1549 * lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
1551 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1553 * tests/suite/certs/create-chain.sh: updated test cert generator.
1555 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1557 * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
1558 doc/examples/verify.c, lib/gnutls_cert.c,
1559 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
1560 src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
1561 tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
1562 the extendable gnutls_certificate_verify_peers(). That will allow adding new functionality to verification without the
1563 need to add new functions.
1565 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1567 * NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
1568 doc/examples/ex-client-x509.c, doc/examples/verify.c,
1569 lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
1570 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
1571 tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
1572 verify in addition to hostname, the purpose of the end-certificate.
1574 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1576 * m4/hooks.m4: bumped version
1578 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1580 * lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
1581 using gnutls_certificate_verify_peers3().
1583 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1585 * lib/gnutls_cert.c: doc update
1587 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
1589 * lib/ext/heartbeat.c: doc update
1591 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1593 * lib/gnutls_priority.c: modify to conform to the documented
1596 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1598 * cross.mk: updated makefile
1600 2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1602 * configure.ac, lib/Makefile.am: avoid checking or linking with
1603 libpthread in windows
1605 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1607 * tests/suite/testpkcs11: Corrected check for softhsm shared object.
1609 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1611 * lib/gnutls_priority.c: Allow multiple spaces in priorities file.
1613 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1615 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
1616 The "SYSTEM" initial keyword was replaced with the more generic
1617 "@KEYWORD". The @KEYWORD string will open the pre-configured system priority
1618 file and will expand the KEYWORD, to the priority string set in the
1619 file. The file should have the following format:
1620 KEYWORD=PRIORITY_STRING
1622 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
1624 * lib/gnutls_int.h: Use the IANA assigned padding extension number.
1626 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1628 * tests/suite/testpkcs11: skip the test if softhsm doesn't exist
1630 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1632 * .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
1633 and config in tests to allow parallel runs.
1635 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1637 * README-alpha: added softhsm dependency for testsuite
1639 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1641 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
1642 tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
1643 softhsm. That allows us to run it in the normal test suite.
1645 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1647 * src/certtool-args.def, src/certtool.c, src/cli-args.def,
1648 src/cli.c, src/p11tool.c: Allow using the --provider parameter in
1649 gnutls-cli and certtool to specify a PKCS #11 module.
1651 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1653 * tests/suite/pkcs11-chainverify.c: updated test to run in more
1656 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1658 * lib/pkcs11.c: set the same flags in the second search
1660 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1662 * .gitignore: ignore the softhsm test suite files.
1664 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1666 * tests/suite/testpkcs11: fixed bashisms
1668 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1670 * tests/suite/certs/create-chain.sh: depend on bash for the
1673 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1675 * tests/mini-x509.c: Enhanced test to check that the correct number
1676 of certificates is received
1678 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1680 * lib/gnutls_x509.c: corrected check for sorted server certificate
1683 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1685 * lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
1686 is specific to p11-kit trust modules.
1688 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1690 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
1691 the certificate verification tests in PKCS #11-based verification
1694 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1696 * lib/x509/verify.c: Perform time check when removing a certificate
1697 in _gnutls_pkcs11_verify_crt_status(). This brings the function on par with _gnutls_verify_crt_status().
1699 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1701 * lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
1702 same certificate in the pkcs11 trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
1703 certificate, and the self-signed isn't in our pkcs11 trusted list,
1704 make sure that we search for the non-self-signed as well. This
1705 affects gnutls_x509_trust_list_verify_crt() when used with a PKCS
1708 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1710 * lib/pkcs11.c: Allow manually loading a 'trusted' module.
1712 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1714 * lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
1715 libraries from the destructor. If we do and the PKCS #11 modules are already being unloaded, we may
1716 crash. If the deinitialization of the PKCS #11 subsystem is
1717 required, then gnutls_pkcs11_deinit() must be explicitly called.
1719 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1721 * tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
1722 test chains from chainverify program.
1724 2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1726 * configure.ac, tests/Makefile.am, tests/key-id/Makefile.am,
1727 tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
1728 tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
1729 tests/key-id/key-ca.pem, tests/key-id/key-id,
1730 tests/key-id/key-user.pem, tests/key-tests/Makefile.am,
1731 tests/key-tests/README, tests/key-tests/ca-gnutls-keyid.pem,
1732 tests/key-tests/ca-no-keyid.pem,
1733 tests/key-tests/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
1734 tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
1735 tests/key-tests/key-ca.pem, tests/key-tests/key-id,
1736 tests/key-tests/key-user.pem, tests/key-tests/pkcs8: Added self-test
1737 for PKCS #8 key conversion and reading
1739 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1741 * tests/chainverify.c: the chainverify test ensures that there is no
1742 divergence between different verification functions.
1744 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1746 * lib/x509/verify-high.c: When verifying check for the same
1747 certificate in the trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
1748 certificate, and the self-signed isn't in our trusted list, make
1749 sure that we search for the non-self-signed in our list as well.
1750 This affects gnutls_x509_trust_list_verify_crt() and makes its
1751 results identical to gnutls_x509_crt_list_verify().
1753 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1755 * README-alpha: mention test on smart card support
1757 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1759 * README: Added make check to the make process in README
1761 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1765 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1767 * src/certtool-args.def, src/certtool-common.c,
1768 src/certtool-common.h, src/certtool.c: changed the behavior in
1769 certtool's PKCS #8 key export with no password. By default when no password is specified, an unencrypted key is
1770 output. The previous behavior of encrypting using an empty password
1771 can be replicated using --empty-password.
1773 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1775 * src/certtool-args.def: Updated documentation on null-password and
1776 password options of certtool.
1778 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1780 * tests/suite/testrandom: Added test to check verification with
1781 randomly generated certificates.
1783 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1785 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
1786 src/certtool.c: Combined the code to set CRL next update with
1787 certificate expiration date.
1789 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1793 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1795 * src/certtool-cfg.c: corrected typo
1797 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1799 * src/certtool-common.c: improved error message
1801 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1803 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
1804 src/certtool.c: When a CRL serial number is not specified, generate
1807 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1809 * doc/cha-shared-key.texi: doc update
1811 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1813 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
1814 lib/priority_options.gperf: Added priority string
1815 %DISABLE_WILDCARDS. This will disable any wildcard matching when comparing hostnames in
1818 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
1820 * NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
1821 lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
1822 lib/includes/gnutls/x509.h, lib/libgnutls.map,
1823 lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
1824 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
1825 tests/hostname-check.c: Added verification flag to disable wildcard
1826 checking. This adds the verification flag
1827 GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
1828 gnutls_x509_crt_check_hostname2(),
1829 gnutls_openpgp_crt_check_hostname2().
1831 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1835 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1837 * tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
1838 tests/cert-tests/ca-no-pathlen.pem,
1839 tests/cert-tests/complex-cert.pem,
1840 tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
1841 SHA256 fingerprint output in certtool
1843 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1845 * lib/x509/x509.c: doc update
1847 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
1849 * lib/x509/output.c: Print the SHA256 fingerprint of the certificate
1850 in addition to SHA1.
1852 2014-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1854 * lib/verify-tofu.c: doc update
1856 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1858 * lib/gnutls_ui.c: simplified
1859 gnutls_certificate_client_get_request_status() - no error is
1862 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1864 * lib/gnutls_record.c: doc update
1866 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
1868 * lib/gnutls_record.c: cleaned up documentation of
1869 gnutls_record_send()
1871 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1873 * tests/chainverify.c: Added test for CVE-2014-0092
1875 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1877 * tests/Makefile.am: removed reference to mini_xssl
1879 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1881 * tests/chainverify.c: Added self checks for various verification
1884 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1886 * tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
1887 uncork usage under DTLS.
1889 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1891 * lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
1894 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1896 * lib/gnutls_priority.c: using the SYSTEM priority string will fail
1897 if there is no system file
1899 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1901 * doc/cha-gtls-app.texi: doc update
1903 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1905 * NEWS: reformatted NEWS entries
1907 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1909 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
1910 lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
1911 security. Introduced the LEGACY keyword which will enable the settings used in
1912 GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
1913 compatibility with weak or misconfigured servers is required.
1915 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1917 * doc/manpages/Makefile.am: replaced wrong manpage generation
1920 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
1922 * lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
1923 lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation
1925 2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1927 * README: update README to reflect gmplib licensing change. As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
1928 dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of
1929 GnuTLS can be redistributed. Update the README to reflect this change.
1931 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1933 * configure.ac: Fix patch version calculation when it contains
1936 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1938 * configure.ac: print RSA-EXPORT status
1940 2014-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1942 * lib/gnutls_str.c: use isascii instead of isprint for
1943 internationalized name detection
1945 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1947 * m4/hooks.m4: bump so version
1949 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1951 * src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
1954 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1956 * lib/auth/dh_common.c: add a check for invalid DH parameters.
1958 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1960 * tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
1961 DHE prime and exponent size.
1963 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1965 * doc/TODO: doc update
1967 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1969 * tests/x509-extensions.c: fixed test to use the correct function
1972 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1974 * lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
1975 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
1976 tests/hostname-check.c: Severely simplified hostname matching. Now only wildcards in the leftmost position of the string are
1977 allowed (followed by at least two components), and are only taken
1978 into account in ascii strings. Non-ascii strings are compared
1979 byte-by-byte. That means that wildcards in the form
1980 bar*foo.example.com are no longer accepted, as well as wildcards of
1981 the form *.*.*.example.com.
1983 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1985 * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
1986 use commit suffix for functions that return a status code.
1988 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1990 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
1993 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1997 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1999 * src/certtool-args.def: the longer e-mail caused crash in autogen's
2002 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2004 * NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
2005 doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
2006 lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
2007 lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
2008 lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
2009 some of the newly introduced functions
2011 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2013 * lib/gnutls_x509.c: set the invalid flag when the owner is
2016 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2018 * lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
2019 tests/hostname-check.c: Changed the behaviour in wildcard acceptance
2020 in certificates. Wildcards are only accepted when there are more than two domain
2021 components after the wildcard. This will prevent accepting
2022 certificates from CAs that issued '*.com', or 'www.*'.
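The wildcard rules stated in the 2014-03-21 and 2014-03-19 entries above, together with the opt-out described in the 2014-04-02 entry, written out in C as an added example (this is not GnuTLS's own code). The names `ex_hostname_match` and `EX_NO_WILDCARDS`, the case-insensitive ASCII comparison and the one-label reach of the wildcard are assumptions of this example; the sample names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag for this example; it plays the role the ChangeLog gives to
 * GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS (treat '*' as an ordinary character). */
#define EX_NO_WILDCARDS 1u

static int is_ascii_str(const char *s)
{
    for (; *s != '\0'; s++)
        if ((unsigned char)*s > 0x7f)
            return 0;
    return 1;
}

/* Locale-independent lower-casing, so the result never depends on setlocale(). */
static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + ('a' - 'A')) : c;
}

/* Assumption of this example: ASCII DNS names compare case-insensitively. */
static int ascii_eq_nocase(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (ascii_lower((unsigned char)*a) != ascii_lower((unsigned char)*b))
            return 0;
    return *a == *b; /* both strings must end together */
}

/* Returns 1 if certname (taken from the certificate) covers hostname, else 0. */
int ex_hostname_match(const char *certname, const char *hostname, unsigned flags)
{
    const char *suffix, *last_dot, *host_dot;

    /* Non-ASCII names: byte-by-byte comparison, '*' is never interpreted. */
    if (!is_ascii_str(certname) || !is_ascii_str(hostname))
        return strcmp(certname, hostname) == 0;

    /* A wildcard is recognised only as the whole leftmost label ("*."). */
    if (certname[0] == '*' && certname[1] == '.' && !(flags & EX_NO_WILDCARDS)) {
        suffix = certname + 1; /* e.g. ".example.com" */

        /* At least two components must follow: rejects "*.com" and "*.com." */
        last_dot = strrchr(suffix, '.');
        if (last_dot == suffix || last_dot[1] == '\0')
            return 0;

        /* No further '*' and no empty label (rejects "*.*.*.example.com"). */
        if (strchr(suffix, '*') != NULL || strstr(suffix, "..") != NULL)
            return 0;

        /* Assumption: the wildcard stands for exactly one non-empty label. */
        host_dot = strchr(hostname, '.');
        if (host_dot == NULL || host_dot == hostname)
            return 0;
        return ascii_eq_nocase(suffix, host_dot);
    }

    /* Everything else, including "bar*foo.example.com" and "www.*", is
     * compared literally, so an embedded '*' matches only itself. */
    return ascii_eq_nocase(certname, hostname);
}

int main(void)
{
    /* Constructed (certificate name, requested hostname) pairs. */
    static const char *samples[][2] = {
        { "*.example.com",       "www.example.com"     },
        { "*.example.com",       "a.b.example.com"     },
        { "*.com",               "example.com"         },
        { "www.*",               "www.example.com"     },
        { "bar*foo.example.com", "barxfoo.example.com" },
        { "*.*.*.example.com",   "a.b.c.example.com"   },
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s vs %-20s default=%d no-wildcards=%d\n",
               samples[i][0], samples[i][1],
               ex_hostname_match(samples[i][0], samples[i][1], 0),
               ex_hostname_match(samples[i][0], samples[i][1], EX_NO_WILDCARDS));
    return 0;
}
```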
2024 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2028 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2030 * tests/x509-extensions.c: Added more key usage flags in the test
2031 for x509-extensions.
2033 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2035 * tests/x509-extensions.c: x509-extensions test will fail if an
2036 unhandled extension is found.
2038 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2040 * lib/Makefile.am: ship the gperf file and the generated one.
2042 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2044 * .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
2045 doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update
2047 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2049 * doc/cha-cert-auth.texi: documented the new X.509 extension API
2051 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2053 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
2054 can now write more than a single crl_dist_point.
2056 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2058 * tests/Makefile.am, tests/cert-tests/template-test.pem,
2059 tests/cert-tests/template-test.tmpl,
2060 tests/cert-tests/template-utf8.pem,
2061 tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
2062 tests/x509-extensions.c: Added unit tests for new API
2064 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2066 * lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
2067 lib/includes/gnutls/x509.h, lib/libgnutls.map,
2068 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
2069 lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
2070 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
2071 lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
2072 X.509 extensions. This API handles the X.509 extensions separately, allowing to parse
2073 similarly formatted extensions stored in other structures. In
2074 addition, functions that simplify the extraction of extensions from
2075 known structures were added:
- gnutls_x509_crq_get_extension_data2()
- gnutls_x509_crl_get_extension_data2()
- gnutls_x509_crt_get_extension_data2()
The old functions were rewritten to use the new API.
2077 2014-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2081 2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
2083 * lib/x509/extensions.c: Corrected error checking in
2084 _gnutls_x509_ext_gen_proxyCertInfo
2086 2014-03-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
2088 * doc/TODO: doc update
2090 2014-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2092 * src/serv.c: initialize pointer
2094 2014-03-12 Luis G.F <luisgf@gmail.com>
2096 * src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
2097 reference is lost if an allocation error occurred. Signed-off-by: Luis G.F <luisgf@luisgf.es>
2099 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2101 * src/certtool-cfg.c: use the number of seconds as serial in 32-bit
2104 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2106 * lib/auth/cert.c: Only check PK compatibility in client side but
2107 also when using openpgp certs.
2109 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2111 * lib/algorithms/kx.c: corrected initializer
2113 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2115 * lib/auth/cert.c: shortened static function names.
2117 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2119 * lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
2120 that the algorithm of the received certificate matches the expected.
2122 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
2126 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
2128 * doc/Makefile.am, doc/cha-functions.texi,
2129 doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
2130 doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
2131 doc/manpages/Makefile.am, lib/Makefile.am,
2132 lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
2133 lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
2134 tests/mini-xssl.c: The xssl experimental library was removed. While the idea of a high level library is nice, there are no
2135 resources to maintain an additional library.
2137 2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2139 * configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
2140 enable linking with nettle-mini
2142 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2144 * lib/x509/verify.c: re-enabled certificate verification
2146 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2148 * lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
2149 SHA384 are only available in TLS 1.0. The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
2150 defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
2151 under SSL 3.0, it will during MAC initialization.
2153 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2155 * lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
2156 lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
2157 lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
2158 lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
2159 lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
2160 lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
2161 lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
2162 lib/x509/x509.c: stricter type usage
2164 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2166 * lib/accelerated/x86/aes-padlock.h,
2167 lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
2168 lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
2171 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2173 * lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
2174 lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
2175 lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
2178 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2180 * lib/x509/common.c: silence some warnings
2182 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2184 * lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
2185 lib/verify-tofu.c: clang warning fixes
2187 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2189 * src/certtool-cfg.c: removed unused variables.
2191 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
2193 * src/Makefile.am: Fix build failures on autogen'ed docs.
autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it will not be able to find the input file if GnuTLS is built out of tree, e.g.
    mkdir build
    cd build
    ../configure
    make
Also, add missing targets for %-args.h, to avoid this error:
    make[2]: Entering directory `/home/user/gnutls/src'
    autogen srptool-args.def
    autogen psk-args.def
    make[2]: *** No rule to make target `ocsptool-args.h', needed by `all'. Stop.
    make[2]: Leaving directory `/home/user/gnutls/src'
    make[1]: *** [all-recursive] Error 1
For portability's sake we will spell out the rule for each target instead of using a GNU '%' pattern rule:
https://www.gnu.org/software/make/manual/html_node/Features.html#Features
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2201 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
2203 * .gitignore, doc/Makefile.am: Fix build failures involving
2204 doc/invoke-*.texi.
Several problems were found in this area:
1) Currently, if SRC_DEF_* are undefined, autogen will get invoked with no input file and it will hang forever waiting for content from stdin:
    mv -f enums.texi-tmp enums.texi
    mkdir enums
    ../../doc/scripts/split-texi.pl enums enum < enums.texi
    echo stamp_enums > stamp_enums
    cd ../src/ && autogen -Tagtexi-cmd.tpl && \
    rm -f ../doc/invoke-gnutls-cli.texi && \
    ../doc/scripts/cleanup-autogen.pl <../src/invoke-gnutls-cli.texi >../doc/invoke-gnutls-cli.texi.tmp && \
    mv -f ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
    rm -f ../src/invoke-gnutls-cli.texi
    <HANG>
Since these documents are @include'd by other documents, it is probably a good idea to make sure the targets are buildable in case they get listed as prerequisites.
2) SRC_DEF_* used relative paths which are correct for an in-place build, but incorrect for an out-of-tree build. They should use something like $(top_srcdir)/src to resolve the ambiguity.
3) cleanup-autogen.pl was also referenced using a relative pathname, breaking out-of-tree builds.
4) The non-portable "sed -i" flag was used.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2217 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
2219 * README-alpha: README-alpha: Add gperf dependency for building from
2220 git. Without gperf, priority-options.h does not get built and this
2221 results in a compile error. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2223 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
2225 * src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib. This pulls in upstream commit cb3c90598 (stdint, read-file: fix
2226 missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2228 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
2230 * lib/x509/verify.c: more type separation
2232 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
2234 * src/Makefile.am: use psktool-args
2236 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
2238 * lib/x509/verify.c: more type separation
2240 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
2242 * lib/x509/verify.c: separated types for easier verification
2244 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
2246 * .gitignore, doc/manpages/Makefile.am, src/Makefile.am,
2247 src/psk-args.def, src/psk.c, src/psktool-args.def: Rename
2248 psk-args.def to psktool-args.def. Other utilities generate invoke-%.texi from %-args.def, but
2249 currently invoke-psktool.texi is generated from psk-args.def. If we
2250 make psktool conform to the same convention as the other utilities,
2251 we can use a generic pattern to handle all of them the same way. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2253 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
2255 * doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds.
enums.texi is a generated file so we should not look for it in $(srcdir). When we do, chaos ensues:
    mv -f enums.texi-tmp enums.texi
    mkdir enums
    ../../doc/scripts/split-texi.pl enums enum < ../../doc/enums.texi
    /bin/bash: ../../doc/enums.texi: No such file or directory
    make[4]: *** [stamp_enums] Error 1
    make[4]: Leaving directory `/home/user/gnutls/build/doc'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/home/user/gnutls/build/doc'
    make[2]: *** [all] Error 2
    make[2]: Leaving directory `/home/user/gnutls/build/doc'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/home/user/gnutls/build'
    make: *** [all] Error 2
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2260 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2262 * lib/openpgp/extras.c: Ensure failure when no base64 data have been
2263 read. Suggested by Ramkumar Chinchani.
2265 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2267 * lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
2269 2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
2271 * lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
2272 parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
2274 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2276 * Makefile.am, symbols.last: Added symbol check prior to release
2277 (after discussion with Andreas Metzler)
2279 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2281 * doc/Makefile.am, doc/manpages/Makefile.am: updated doc
2283 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2285 * build-aux/test-driver, build-aux/ylwrap: updated build-aux files
2287 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2289 * doc/Makefile.am: removed no-split as it causes issues in pdf
2292 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2294 * gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
2295 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
2296 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
2297 gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
2298 gl/tests/test-bind.c, gl/tests/test-connect.c,
2299 gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
2300 gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
2303 2014-03-05 Nick Alcock <nick.alcock@oracle.com>
2305 * configure.ac: Override AUTOGEN under --enable-local-libopts only
2306 if autogen is not needed. After commit 6addbc3, specifying --enable-local-libopts
2307 unconditionally replaces the autogen-erated files with their
2308 distributed copies, and substitutes AUTOGEN to false. The assumption here is that if --enable-local-libopts is not
2309 specified, autogen cannot be installed, and that the distributed
2310 copies necessarily exist. Neither assumption is always correct.
2311 e.g. someone building a 32-bit copy of GnuTLS from git with a copy
2312 of autogen on their system will have a 64-bit copy of libopts, and a
2313 working /usr/bin/autogen, but not a 32-bit libopts. Since building
2314 autogen depends on Guile, this is a rather heavyweight pile of gear
2315 to require. (You can force a successful build in this case, but it
2316 requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
2317 distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
2318 we do not substitute AUTOGEN, so as to let any copy of autogen that
2319 configure found on the system do its job if necessary, while not
2320 forcing the user to link against the copy of libopts which came with
2321 that autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2323 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2325 * configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
2326 lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c:
2327 session tickets can be disabled
2329 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
2331 * doc/examples/Makefile.am, lib/ext/cert_type.c,
2332 lib/ext/status_request.c, lib/gnutls_extensions.c,
2333 lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c:
2334 increased code disabled from disable-ocsp and disable-openpgp
2337 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
2339 * doc/cha-gtls-app.texi, lib/ext/Makefile.am,
2340 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
2341 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
2342 lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
2343 lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
2344 lib/priority_options.gperf, src/cli-args.def,
2345 tests/mini-record-2.c, tests/mini-record-range.c,
2346 tests/mini-record.c: NEW_PADDING has been removed. This extension did not get accepted by IETF so it is now being
2347 removed. The gnutls_range API is kept in case length hiding is
2348 implemented in a different way at some point.
2350 2014-03-05 Ludovic Courtès <ludo@gnu.org>
2352 * doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
2355 2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2357 * m4/hooks.m4: re-introduced rsa-export configure option. This broke backwards compatibility. Reported by Andreas Metzler.
2359 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2361 * doc/examples/Makefile.am: examples include both gnulibs
2363 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2365 * src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
2366 src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
2367 src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
2368 src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
2369 src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
2370 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
2371 src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
2372 src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
2373 src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
2374 src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl
2376 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2378 * gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
2379 gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
2380 gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
2381 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
2382 gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
2383 gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
2384 gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
2385 gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
2386 gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
2387 gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
2388 gl/tests/test-getline.c: removed getpass from gl/
2390 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2392 * .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates
2394 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2396 * src/Makefile.am: changes for new gnulib in src/
2398 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2400 * lib/nettle/rnd-common.c: correct error print in win32
2402 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2404 * lib/fips.c, lib/system.c: Changes to account for the reduced
2407 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2409 * src/crywrap/crywrap.c: added missing declaration
2411 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2413 * lib/gnutls_global.c: removed any dependencies to gnulib network
2416 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2418 * lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
2419 insistence to replace strerror
2421 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2423 * src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
2424 src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
2425 src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
2426 src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
2427 src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
2428 src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
2429 src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
2430 src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
2431 src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
2432 src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
2433 src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
2434 src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
2435 src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
2436 src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
2437 src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
2438 src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
2439 src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
2440 src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
2441 src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
2442 src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
2443 src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
2444 src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
2445 src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
2446 src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
2447 src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
2448 src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
2449 src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
2450 src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
2451 src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
2452 src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
2453 src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
2454 src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
2457 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
2459 * gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
2460 gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
2461 gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
2462 gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
2463 gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
2464 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
2465 gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
2466 gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
2467 gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
2468 gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
2469 gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
2470 gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
2471 gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
2472 gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
2473 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
2474 gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
2475 gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
2476 gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
2477 gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
2478 gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
2479 gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
2480 gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
2481 gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
2482 gl/tests/test-accept.c, gl/tests/test-close.c,
2483 gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
2484 gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
2485 gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
2486 gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
2487 gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
2488 gl/tests/test-listen.c, gl/tests/test-lstat.c,
2489 gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
2490 gl/tests/test-pathmax.c, gl/tests/test-perror.c,
2491 gl/tests/test-perror.sh, gl/tests/test-perror2.c,
2492 gl/tests/test-pipe.c, gl/tests/test-recv.c,
2493 gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
2494 gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
2495 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
2496 gl/tests/test-select.h, gl/tests/test-send.c,
2497 gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
2498 gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
2499 gl/tests/test-stat.c, gl/tests/test-stat.h,
2500 gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
2501 gl/tests/test-symlink.c, gl/tests/test-symlink.h,
2502 gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
2505 2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2507 * src/crywrap/crywrap.c: fixed more memory leaks in crywrap
2509 2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2511 * src/crywrap/crywrap.c: addressed memory leak in crywrap.c
2513 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2515 * lib/x509/verify-high.c: check the blacklist for certificates
2516 provided in gnutls_x509_trust_list_verify_named_crt().
2518 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2520 * configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
2523 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2525 * doc/cha-library.texi: rsa-export is no more
2527 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2529 * doc/cha-library.texi: updated option for TPM
2531 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2535 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2537 * src/common.h: replace select() on windows
2539 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2541 * lib/gnutls_buffers.c: print message before failing when the pull
2542 timeout function isn't replaced.
2544 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2546 * lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
2547 SHA1; suggested by Manuel Pégourié-Gonnard.
2549 2014-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2551 * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
2552 build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
2553 build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
2554 build-aux/useless-if-before-free, build-aux/vc-list-files,
2555 doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
2556 gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
2557 gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
2558 gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
2559 gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
2560 gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
2561 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
2562 gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
2563 gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
2564 gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
2565 gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
2566 gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
2567 gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
2568 gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
2569 gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
2570 gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
2571 gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
2572 gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
2573 gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
2574 gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
2575 gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
2576 gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
2577 gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
2578 gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
2579 gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
2580 gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
2581 gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
2582 gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
2583 gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
2584 gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
2585 gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
2586 gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
2587 gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
2588 gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
2589 gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
2590 gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
2591 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
2592 gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
2593 gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
2594 gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
2595 gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
2596 gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
2597 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
2598 gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
2599 gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
2600 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
2601 gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
2602 gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
2603 gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
2604 gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
2605 gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
2606 gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
2607 gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
2608 gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
2609 gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
2610 gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
2611 gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
2612 gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
2613 gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
2614 gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
2615 gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
2616 gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
2617 gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
2618 gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
2619 gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
2620 gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
2621 gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
2622 gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
2623 gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
2624 gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
2625 gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
2626 gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
2627 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
2628 gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
2629 gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
2630 gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
2631 gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
2632 gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
2633 gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
2634 gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
2635 gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
2636 gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
2637 gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
2638 gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
2639 gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
2640 gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
2641 gl/tests/test-base64.c, gl/tests/test-binary-io.c,
2642 gl/tests/test-bind.c, gl/tests/test-byteswap.c,
2643 gl/tests/test-c-ctype.c, gl/tests/test-close.c,
2644 gl/tests/test-connect.c, gl/tests/test-dup2.c,
2645 gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
2646 gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
2647 gl/tests/test-float.c, gl/tests/test-fputc.c,
2648 gl/tests/test-fread.c, gl/tests/test-fseek.c,
2649 gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
2650 gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
2651 gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
2652 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
2653 gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
2654 gl/tests/test-func.c, gl/tests/test-fwrite.c,
2655 gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
2656 gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
2657 gl/tests/test-getline.c, gl/tests/test-getpeername.c,
2658 gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
2659 gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
2660 gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
2661 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
2662 gl/tests/test-ioctl.c, gl/tests/test-listen.c,
2663 gl/tests/test-lstat.c, gl/tests/test-lstat.h,
2664 gl/tests/test-memchr.c, gl/tests/test-netdb.c,
2665 gl/tests/test-netinet_in.c, gl/tests/test-open.c,
2666 gl/tests/test-open.h, gl/tests/test-pathmax.c,
2667 gl/tests/test-perror.c, gl/tests/test-perror2.c,
2668 gl/tests/test-pipe.c, gl/tests/test-read-file.c,
2669 gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
2670 gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
2671 gl/tests/test-select.c, gl/tests/test-select.h,
2672 gl/tests/test-send.c, gl/tests/test-sendto.c,
2673 gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
2674 gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
2675 gl/tests/test-sockets.c, gl/tests/test-stat.c,
2676 gl/tests/test-stat.h, gl/tests/test-stdalign.c,
2677 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
2678 gl/tests/test-stdint.c, gl/tests/test-stdio.c,
2679 gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
2680 gl/tests/test-strerror_r.c, gl/tests/test-string.c,
2681 gl/tests/test-strings.c, gl/tests/test-strnlen.c,
2682 gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
2683 gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
2684 gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
2685 gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
2686 gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
2687 gl/tests/test-sys_wait.h, gl/tests/test-time.c,
2688 gl/tests/test-u64.c, gl/tests/test-unistd.c,
2689 gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
2690 gl/tests/test-vc-list-files-cvs.sh,
2691 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
2692 gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
2693 gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
2694 gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
2695 gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
2696 gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
2697 src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
2698 src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
2699 src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
2700 src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
2701 src/gl/intprops.h, src/gl/m4/00gnulib.m4,
2702 src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
2703 src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
2704 src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
2705 src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
2706 src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
2707 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
2708 src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
2709 src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
2710 src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
2711 src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
2712 src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
2713 src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
2714 src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
2715 src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
2716 src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
2717 src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
2718 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
2719 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
2720 src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
2721 src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
2722 src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
2723 src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
2724 src/gl/parse-datetime.h, src/gl/parse-datetime.y,
2725 src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
2726 src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
2727 src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
2728 src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
2729 src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
2730 src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
2731 src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
2732 src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:
2735 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2737 * lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
2738 when they are available in TLS1.0
2740 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2742 * lib/gnutls_priority.c: The default priority is reset to NORMAL
2744 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2746 * lib/gnutls_priority.c: Revert "the default priorities are reset to
2747 be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.
2749 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2751 * doc/cha-gtls-app.texi: mention SHA384 as MAC option
2753 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2755 * src/cli-args.def, src/serv-args.def: documented the defaults
2757 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2759 * lib/gnutls_priority.c: the default priorities are reset to be
2760 NORMAL. Reported by Manuel Pégourié-Gonnard.
2762 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2764 * src/serv-args.def: Add required priorities
2766 2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2768 * lib/x509/verify.c: Preinitialize values; suggested by Sebastian
2769 Krahmer and Tomas Hoger.
2771 2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2773 * lib/x509/verify.c: added doc on is_issuer() checks
2775 2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2777 * lib/gnutls_cert.c: removed not trusted message; reported by Michel
2780 2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
2782 * tests/chainverify.c: updated for verification updates
2784 2014-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2786 * lib/x509/verify.c: Updated verification function
2788 2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
2790 * src/cli-args.def, src/cli.c: New option --stricttofu for
2791 gnutls-cli. With option --tofu, gnutls-cli waits with a yes-no-question upon
2792 certificate changes. I added the option --stricttofu that omits the
2793 question and fails instead. The contribution is in accordance to the "Developer's Certificate of
2794 Origin" as found in the file doc/DCO.txt. Best wishes Jens Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>
2796 2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2798 * lib/gnutls_handshake.c: moved priorities check to the first call
2801 2014-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2803 * lib/nettle/rnd-common.c: removed duplicate definition; reported by
2806 2014-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
2808 * doc/README.CODING_STYLE: updated coding style
2810 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2814 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2816 * tests/cert-tests/template-nc.pem: added cert
2818 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2820 * tests/cert-tests/template-test: corrected check
2822 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2824 * lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
2827 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2829 * tests/suite/testdane: updated
2831 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2835 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2837 * lib/x509/name_constraints.c: When appending a name, ensure that we
2838 append to the end of the list.
2840 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2842 * lib/x509/name_constraints.c: use gnutls_free()
2844 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2846 * src/certtool-args.def: corrected email in texi
2848 2014-02-20 Attila Molnar <attilamolnar@hush.com>
2850 * lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
2851 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
2852 resistance against guessing usernames. When a client tries to authenticate using an unknown username,
2853 instead of generating a random salt every time, generate the salt
2854 based on the username and a secret seed. The seed is settable by the application, allowing servers to re-use
2855 the same seed after a restart. A random seed is generated for each newly allocated SRP server
2856 credentials structure, meaning that applications not using the new
2857 API to set the seed continue to work and gain limited advantage
2858 (because they use a different seed after every restart). For further information see section 2.5.1.3. in RFC 5054. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
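The behaviour this entry describes, as an added sketch that is not GnuTLS code: a server that hands out a fresh random salt for unknown usernames can be told apart from one that knows the user, while a salt derived from the username and a secret seed cannot. The HMAC-SHA256 derivation, `SALT_LEN`, and all class and function names are assumptions for illustration; the entry does not state the library's exact construction.

```python
import hashlib
import hmac
import os

SALT_LEN = 16  # constructed length; fake salts must match real ones in size


class SrpPasswdStore:
    """Toy stand-in for an SRP password file: username -> salt (verifier omitted)."""

    def __init__(self, users, seed=None, deterministic=True):
        # Real accounts get a random salt once, at enrolment.
        self._salts = {name: os.urandom(SALT_LEN) for name in users}
        # A random seed is drawn per store unless the application sets one,
        # mirroring "a random seed is generated for each newly allocated
        # SRP server credentials structure".
        self._seed = seed if seed is not None else os.urandom(32)
        self._deterministic = deterministic

    def salt_for(self, username):
        """Return the salt the server would send for this username."""
        real = self._salts.get(username)
        if real is not None:
            return real
        if not self._deterministic:
            # Behaviour before the change: new random salt on every request.
            return os.urandom(SALT_LEN)
        # Behaviour after the change: salt depends only on seed and username
        # (keyed hash chosen here as an assumption).
        mac = hmac.new(self._seed, username.encode("utf-8"), hashlib.sha256)
        return mac.digest()[:SALT_LEN]


def salt_stable_across_requests(store, username):
    """True when two requests for the same name see the same salt."""
    return store.salt_for(username) == store.salt_for(username)


def salt_stable_across_restart(seed_before, seed_after, username):
    """Model a restart as a new store; None means 'seed not set by the app'."""
    before = SrpPasswdStore([], seed=seed_before)
    after = SrpPasswdStore([], seed=seed_after)
    return before.salt_for(username) == after.salt_for(username)


if __name__ == "__main__":
    old = SrpPasswdStore(["alice"], deterministic=False)
    new = SrpPasswdStore(["alice"])
    for label, store in (("random salt", old), ("seeded salt", new)):
        for name in ("alice", "nobody"):
            print(label, name, "stable:", salt_stable_across_requests(store, name))
    fixed = b"\x01" * 32  # constructed seed an application would persist
    print("restart, app-set seed:", salt_stable_across_restart(fixed, fixed, "nobody"))
    print("restart, default seed:", salt_stable_across_restart(None, None, "nobody"))
```

The last two lines show the "limited advantage" case from the entry: without an application-set seed the fake salt for an unknown name changes after a restart, so the answers are only consistent within one server lifetime.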
2860 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2862 * lib/x509/verify-high.c: small artistic changes
2864 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2866 * lib/x509/verify.c: check against the success value
2868 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2870 * lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
2871 bool types when needed.
2873 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2875 * lib/x509/verify.c: ensure failure when parsing fails.
2877 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2879 * lib/x509/name_constraints.c: allow ip address as constraint
2881 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2883 * lib/x509/verify.c: Added check for IPaddress
2885 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2889 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2891 * tests/chainverify.c: Added tests for name constraints addition.
2893 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2895 * src/certtool.c: better error printing
2897 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2899 * lib/x509/extensions.c: corrected empty name check
2901 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2903 * tests/cert-tests/template-nc.pem,
2904 tests/cert-tests/template-nc.tmpl: Updated test for name constraints
2905 to include empty constraints names.
2907 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2909 * lib/x509/output.c: pretty print empty DNSnames
2911 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2913 * lib/x509/common.c, lib/x509/name_constraints.c:
2914 _gnutls_x509_read_value() can now read empty values.
2916 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2918 * lib/x509/extensions.c: Allow empty names.
2920 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2922 * src/certtool-cfg.c: removed debugging
2924 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2926 * lib/x509/extensions.c: Added check for null
2928 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2930 * lib/x509/name_constraints.c: If alternative names are found, don't
2931 bother checking the DN.
2933 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2935 * tests/suite/certs/create-chain.sh: Added tool to create a
2938 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2940 * lib/x509/output.c: properly indent name constraints
2942 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2944 * lib/x509/x509.c: _gnutls_parse_general_name2() will return the
2947 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2949 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
2950 src/certtool.c, tests/cert-tests/Makefile.am,
2951 tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test:
2952 certtool allows setting name constraints.
2954 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2956 * lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
2959 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2961 * lib/x509/verify.c: simplify names
2963 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2965 * lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
2968 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2970 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
2971 lib/x509/name_constraints.c: Added
2972 gnutls_x509_name_constraints_check_crt. This function will check name constraints against all the names in a
2975 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
2977 * lib/x509/name_constraints.c, tests/name-constraints.c,
2978 tests/suppressions.valgrind: Added support for e-mail constraints.
2980 2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2982 * tests/name-constraints.c: Added more constraints tests for
2983 unsupported structures.
2985 2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2987 * lib/x509/name_constraints.c: Corrected check for present
2988 constraints in unsupported types.
2990 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
2992 * doc/examples/ex-ocsp-client.c: fix small leak
2994 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
2996 * src/ocsptool.c: When verifying a response and a signer isn't
2997 provided assume that the signer is the issuer.
2999 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
3001 * src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
3002 src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
3003 check if it is available on the reply.
3005 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
3007 * lib/x509/name_constraints.c: properly deinitialize name
3008 constraints structure.
3010 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
3012 * doc/examples/ex-ocsp-client.c: Verify in example that the sent
3013 nonce matches the received nonce. Reported by Benny Baumann.
3015 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
3017 * tests/name-constraints.c: Added missing file
3019 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3021 * lib/priority_options.gperf: priority string flag
3022 VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy
3024 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3026 * lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
3027 handshake timers when gnutls_handshake() is called.
3029 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3031 * tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
3032 catch a timeout issue in handshake().
3034 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3036 * lib/gnutls_handshake.c: doc update
3038 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3040 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
3041 multiple flags in gnutls_x509_crt_get_name_constraints()
3043 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3045 * lib/x509/name_constraints.c: Do not deinitialize the constraints
3046 structure when reading the constraints fails.
3048 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3050 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
3051 lib/x509/output.c: Allow appending name constraints.
3053 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3055 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
3056 setting a non-critical name-constraints extension.
3058 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3060 * lib/x509/name_constraints.c: better checking of unsupported
3063 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3067 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3069 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
3070 lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
3071 lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
3072 lib/x509/x509_int.h, tests/Makefile.am: Added support for name
3073 constraints X.509 extension. This allows to generate and read the name constraints extension, as
3074 well as check against the DNSNAME value.
3076 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3078 * configure.ac: depend on p11-kit 0.20.0 or later
3080 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3082 * tests/chainverify.c: changed names for clarity
3084 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3086 * lib/gnutls_pcert.c: Corrected bug in
3087 gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if
3088 gnutls_x509_crt_list_import() would fail with the provided data.
3089 Reported by Dmitriy Anisimkov.
3091 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3093 * tests/suppressions.valgrind: corrected suppressions file
3095 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3097 * lib/includes/gnutls/x509.h: do not mention
3098 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation
3100 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3102 * lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
3103 lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
3104 tests/chainverify.c: removed deprecated flag
3106 2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3108 * doc/latex/cover.tex: added Ted
3110 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3112 * lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.
3114 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3116 * lib/gnutls_privkey.c: set value to null after releasing
3118 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3120 * tests/slow/keygen.c: generate keys in the acceptable sizes in
3123 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3125 * tests/crq_key_id.c: generate 2048 bit keys in RSA mode
3127 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3129 * lib/x509/x509.c, lib/x509/x509_int.h: Added
3130 _gnutls_parse_general_name2()
3132 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3134 * lib/x509/common.c: ensure that _gnutls_x509_read_value works as
3137 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3139 * lib/x509/verify.c: ensure that the issuer is present in a trusted
3142 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3144 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
3145 GNUTLS_PKCS11_TOKEN_TRUSTED_UINT
3147 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3149 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
3150 GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().
3152 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3154 * lib/x509/verify.c: Use the
3155 GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
3156 trusted modules are used.
3158 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3160 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
3161 Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a
3162 marked as trusted PKCS #11 module. The marking is done on p11-kit
3165 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3167 * lib/pkcs11.c: mark trusted p11-kit modules as trusted.
3169 2014-02-12 Marcus Meissner <meissner@suse.de>
3171 * src/serv.c: fixed socket existence checking. If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
3172 for the ipv6 address fails, this loop would fail and abort the
3173 socket listen code. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3175 2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3177 * doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.
3179 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
3181 * tests/chainverify.c: Added test for pathlen constraints.
3183 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
3185 * tests/chainverify.c: Added check for v1 intermediate CA
3188 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
3190 * lib/x509/verify.c: Fix bug that prevented the rejection of v1
3191 intermediate CA certificates. Reported by Suman Jana.
3193 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
3195 * lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function
3197 2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
3201 2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
3203 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
3204 timestamps for serial numbers.
3206 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3208 * maint.mk: updated indent cmd
3210 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3212 * cfg.mk: corrected indent parameters
3214 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
3216 * lib/accelerated/x86/aes-cbc-x86-aesni.c,
3217 lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
3218 do not redefine the _gnutls_x86_cpuid_s symbol
3220 2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3222 * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
3223 security levels of PFS, SECURE128 and SECURE192 keywords.
3225 2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3227 * lib/gnutls_priority.c: reduced security levels of SECURE128 and
3230 2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3232 * tests/mini-record-2.c: only test libz if it is available
3234 2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3236 * tests/mini-record-2.c: check errors from
3237 gnutls_priority_set_direct().
3239 2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3241 * doc/cha-tokens.texi: doc update
3243 2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3245 * lib/nettle/rnd.c: increased the interval between reading
3248 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3250 * po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
3251 po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
3252 po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.
3254 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3256 * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
3257 src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
3258 certtool option to allow asking for passwords even when in batch
3261 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3263 * src/certtool-common.c: use newlines in error printing
3265 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
3267 * lib/x509/verify.c: when using a PKCS #11 module for verification
3268 ensure that it has been marked a trusted module in p11-kit.
3270 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
3272 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
3273 GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
3274 p11-kit's P11_KIT_MODULE_TRUSTED flag.
3276 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
3278 * lib/gnutls_priority.c: use macros to set the level.
3280 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3282 * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
3283 reference manual to remove individual indexes that were not working.
3285 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3287 * tests/suite/ciphersuite/test-ciphersuites.sh: corrected
3288 test-ciphersuites.sh test
3290 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3292 * lib/gnutls_priority.c: consider the initial keyword set even when
3295 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3297 * lib/gnutls_priority.c: When two initial keywords are specified
3298 then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
3299 SECURE256:+SECURE128.
3301 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3303 * lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
3304 multiple initial keywords in a priority string, the security level
3305 set is the one of the lowest security.
3307 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3309 * lib/x509/verify.c: better wording
3311 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3313 * lib/nettle/pk.c: corrected bug in DH exponent size calculation.
3315 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3317 * lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
3318 extension. This is an extension that is defined to be sent by the client but
3319 there are servers that include it as well. Most other
3320 implementations tolerate this behavior so we do.
3322 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3324 * lib/algorithms/ciphersuites.c: corrected typo
3326 2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3328 * lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
3329 requirements for all ciphersuites that are not GCM.
3331 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3333 * lib/nettle/pk.c: return proper error on RSA key generation failure
3335 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3337 * lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c:
3340 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3342 * lib/gnutls_hash_int.c: Added sanity check in hash_init() and
3345 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
3347 * lib/nettle/rnd.c: use some kind of key continuity in the nonce
3350 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3354 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3356 * lib/x509/privkey.c: when importing public keys set the correct
3359 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3361 * lib/nettle/int/provable-prime.c: allow for seeds larger than the MAX
3364 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3366 * lib/nettle/int/dsa-keygen-fips186.c: corrected calculation
3368 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3370 * lib/includes/gnutls/gnutls.h.in: corrected prototype
3372 2014-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3374 * lib/libgnutls.map, lib/nettle/Makefile.am,
3375 lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
3376 lib/nettle/pk.c: Added FIPS184-4 RSA key generation.
3378 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3380 * lib/gnutls_db.c, lib/libgnutls.map: rename function
3382 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3384 * lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
3385 lib/libgnutls.map: Added gnutls_db_get_cache_expiration()
3387 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3389 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.
3391 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3395 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3397 * lib/nettle/pk.c: removed unused variables
3399 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3401 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
3402 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
3403 gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().
3405 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3407 * lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
3408 lib/x509/privkey.c: Allow verification of public and private
3411 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3413 * lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
3416 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3418 * tests/resume.c: Added check for gnutls_db_check_entry_time().
3420 2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3424 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3426 * lib/gnutls_db.c: correctly read the magic number and timestamp;
3427 report and patch by Jonathan Roudiere
3429 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3431 * doc/scripts/getfuncs-map.pl: updated for new functions
3433 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3435 * NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
3436 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
3437 functions to export. gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
3438 gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
3439 gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
3440 gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw
3442 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3444 * lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
3445 lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512
3447 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3449 * lib/libgnutls.map: exported function needed for fips test
3451 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3453 * lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
3454 lib/gnutls_privkey_raw.c: compile missing file
3456 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3458 * lib/gnutls_privkey.c: indented
3460 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3462 * lib/gnutls_privkey.c: eliminated memory leak when generating a
3463 private key using gnutls_privkey_generate().
3465 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3467 * NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
3468 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
3469 to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
3470 gnutls_privkey_import_rsa_raw
3472 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3474 * lib/nettle/pk.c: corrected usage of privkey
3476 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3478 * tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
3481 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3483 * lib/x509/common.c: optimized string search in _oid2str table.
3485 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3487 * lib/x509/dn.c: copyright update
3489 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3491 * lib/x509/common.c: fixed null pointer dereference when printing a
3492 name and an LDAP description isn't present for the OID
3494 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3496 * doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
3497 gnutls_realloc_fast to false positives Conflicts: lib/libgnutls.map
3499 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3501 * Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
3502 to release verify that the exported functions in the .map file match
3505 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3507 * lib/libgnutls.map: exported missing functions
3509 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3511 * lib/libgnutls.map: exported function
3513 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3515 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
3516 lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
3519 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3521 * tests/mini-global-load.c: removed non-working test for static
3524 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3526 * lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.
3528 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3532 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3534 * tests/rng-fork.c: increased the number of bytes requested by the
3537 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3539 * lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
3540 The AES-CTR-based nonce random number generator was replaced with
3543 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3545 * .gitignore: more files to ignore
3547 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3549 * lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
3550 lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
3551 function prototypes.
3553 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3555 * lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
3556 the prototype of _gnutls_mpi_div
3558 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3560 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
3561 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
3562 prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
3565 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3567 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
3568 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
3569 prototype of _gnutls_mpi_powm
3571 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3573 * lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
3574 lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
3575 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
3576 lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
3577 lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
3578 lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
3581 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3583 * lib/nettle/pk.c: reduced warnings
3585 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3587 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
3588 lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
3589 lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
3590 _gnutls_mpi_set_ui, _gnutls_mpi_copy
3592 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3594 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
3595 lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
3598 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3600 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
3601 lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
3602 lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
3603 added _gnutls_mpi_init_multi
3605 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3607 * lib/nettle/rnd.c: reduced the number of system calls made during
3608 the random generator lock.
3610 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3612 * doc/examples/ex-cert-select-pkcs11.c,
3613 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
3614 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
3615 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
3616 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
3617 lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
3618 string by default in examples (not yet).
3620 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3624 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3626 * lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
3627 to avoid becoming a bottleneck on processes with many threads.
3629 2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3631 * src/common.h: corrected push/pull function setting
3633 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3635 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
3636 lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()
3638 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3640 * lib/nettle/int/dsa-keygen-fips186.c,
3641 lib/nettle/int/dsa-validate.c: do not impose limits to index
3643 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3645 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
3646 lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c:
3647 Fixes in the Shawe-Taylor prime generation routine.
3649 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3651 * lib/nettle/int/provable-prime.c: cleanups
3653 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3655 * lib/nettle/int/dsa-keygen-fips186.c: increased seed length
3657 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3659 * lib/nettle/int/provable-prime.c: cleanups
3661 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3663 * lib/nettle/int/provable-prime.c: indented code
3665 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3667 * lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
3668 _gnutls_pk_params_copy makes a full duplicate.
3670 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3672 * lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
3673 lib/x509/privkey.c: Added macros to allow specifying a subgroup for
3676 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3678 * lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.
3680 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3682 * NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
3683 lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
3684 lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
3685 new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
3686 Added gnutls_privkey_get_pk_rsa_raw: Added
3688 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3690 * lib/libgnutls.map: exported more internal functions
3692 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3694 * lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
3697 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3699 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
3700 lib/nettle/int/dsa-validate.c: Split the generation of keypair from
3701 the generation of parameters.
3703 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3705 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
3706 lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
3707 _dsa_validate_dss_g, and other fixes in validation.
3709 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
3711 * lib/nettle/int/dsa-keygen-fips186.c,
3712 lib/nettle/int/dsa-validate.c: indented files
3714 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3716 * lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
3717 _dsa_generate_dss_pq
3719 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3721 * lib/nettle/int/dsa-keygen-fips186.c: fixed copyright
3723 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3725 * lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
3726 vectors for the fixed implementation.
3728 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3730 * lib/random.c: register FIPS140 random generator prior to
3733 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3735 * lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
3736 lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
3739 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3741 * lib/nettle/cipher.c: no point to fail on 3DES weak keys.
3743 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3745 * lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.
3747 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3749 * lib/crypto-api.c: use a single context for all stream ciphers.
3751 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3753 * lib/crypto-selftests.c: Added ARCFOUR-128 self test.
3755 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3757 * lib/gnutls_pubkey.c: always set subkey status
3759 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3761 * tests/mini-dtls-record.c: small updates in mini-dtls-record
3763 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3765 * lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
3767 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3769 * lib/gnutls_handshake.c: simplified client hello generation
3771 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3773 * lib/gnutls_int.h: %COMPAT implies %DUMBFW
3775 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3777 * lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization
3779 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3781 * lib/gnutls_handshake.c: use a single buffer to generate the client
3784 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3788 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3790 * lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
3791 lib/random.c: The FIPS140 random number generator is enabled
3792 conditionally when required.
3794 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3796 * lib/includes/gnutls/gnutls.h.in: removed duplicate function
3798 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3800 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
3801 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
3802 lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
3803 replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.
3805 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
3807 * lib/gnutls_global.c: use newline
3809 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
3811 * lib/gnutls_priority.c: when freeing priority_cache make sure it is
3814 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
3816 * lib/gnutls_x509.c: Clarified version
3818 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
3820 * NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h:
3821 gnutls_global_set_mem_functions was deprecated
3823 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
3825 * lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
3826 warning; all systems we support set this function.
3828 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3830 * doc/Makefile.am: generate info documentation in a single file
3832 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3834 * lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
3835 certificates is now replaced by the verification profiles.
3837 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3839 * lib/gnutls_int.h: no need to set profile to LOW as it is already
3842 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3844 * doc/examples/ex-cert-select-pkcs11.c,
3845 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
3846 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
3847 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
3848 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
3849 lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
3852 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3856 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3858 * lib/gnutls_priority.c: decreased certificate verification level to
3861 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3863 * lib/gnutls_int.h, lib/x509/verify.c: When verifying a
3864 certificate's security level ensure that the hash is within the
3867 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3869 * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
3870 lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()
3872 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3874 * tests/cert-tests/complex-cert.pem: updated test for level rename
3876 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3878 * tests/suppressions.valgrind: updated memxor3 suppression to cope
3879 with any usage of memxor3
3881 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3883 * lib/gnutls_priority.c: The correct priority will be used if SYSTEM
3886 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3888 * lib/x509/verify.c: do not immediately fail on verification failure
3889 due to insecure algorithm.
3891 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3893 * tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
3894 gnutls_priority_set_direct() to set a fixed priority string
3896 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3898 * lib/x509/verify-high.c: avoid allocation.
3900 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3902 * doc/examples/ex-cert-select-pkcs11.c,
3903 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
3904 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
3905 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
3906 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
3907 priorities based on version number in examples, and add dependency
3910 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3912 * doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
3913 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
3914 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
3915 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
3916 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
3917 lib/gnutls_priority.c: changes in SYSTEM semantics to allow
3918 appending rules to the default policy.
3920 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3922 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
3923 Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used
3924 to read the priorities. That can be used to impose system specific
3927 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3929 * lib/gnutls_priority.c: Weak sec-param was replaced with Low.
3931 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3933 * tests/sec-params.c: updated sec-params check
3935 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3937 * doc/cha-gtls-app.texi: doc update
3939 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3941 * NEWS, src/certtool-common.c, src/serv.c: more updates for the
3942 security param rename
3944 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3946 * tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
3947 test to check the expected values of security parameters.
3949 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3951 * doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update
3953 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3955 * lib/algorithms/secparams.c: security levels aligned to ENISA and
3956 other common practice recommendations.
3958 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3960 * NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
3961 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
3962 lib/priority_options.gperf, lib/x509/verify.c:
3963 GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
3964 Also when setting a PROFILE explicitly as priority string the
3965 session security level is adjusted accordingly.
3967 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3969 * doc/cha-gtls-app.texi: doc update
3971 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3973 * lib/Makefile.am, lib/gnutls_priority.c,
3974 lib/priority_options.gperf: Use gperf to find priority string
3977 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3979 * lib/gnutls_priority.c: verification profiles can be set
3980 individually as well.
3982 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3984 * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
3987 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3989 * lib/gnutls_priority.c: increased the overall security level unless
3990 %COMPAT is specified.
3992 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3994 * lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
3995 verification profiles when setting priority strings
3997 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
3999 * lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c:
4000 Added certificate verification profiles.
4002 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4004 * lib/x509/verify.c: simplified _gnutls_verify_certificate2().
4006 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
4008 * lib/x509/verify.c: consistency changes.
4010 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4012 * lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
4015 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4019 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4021 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
4022 lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
4023 lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
4024 now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust
4025 list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
4026 RDN sequence. This flag is for now only useful internally in gnutls.
4028 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4030 * tests/x509dn.c: simplified x509dn
4032 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4034 * lib/gnutls_x509.c: doc update
4036 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4038 * tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
4039 set_pkcs12_cred test.
4041 2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4043 * NEWS, lib/pkcs11.c: doc update
4045 2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4047 * src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
4048 servers Without this patch, a TLS 1.2-only server will not be properly
4049 investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key
4050 --x509certfile=server/x509.pem --priority
4051 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
4052 localhost Resolving 'localhost'... Connecting to '::1:5556'...
4053 Checking for SSL 3.0 support... no Checking whether %COMPAT is
4054 required... yes Checking for TLS 1.0 support... no Checking for TLS
4055 1.1 support... no Checking fallback from TLS 1.1 to... failed
4056 Checking for TLS 1.2 support... yes Checking whether we need to
4057 disable TLS 1.2... N/A Checking whether we need to disable TLS
4058 1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
4059 dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
4061 2014-01-06 Nils Maier <maierman@web.de>
4063 * lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
4064 using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
4065 full packet before setting priv->expect_cstatus = 0, or else
4066 CERTIFICATE STATUS packets won't be processed in subsequent calls at
4067 all, leaving them in the buffer and therefore causing later
4068 connection aborts. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
4070 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4072 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
4073 lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
4074 renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
4075 looking for a trusted certificate.
4077 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4079 * lib/gnutls_x509.c: simplified
4080 gnutls_certificate_set_x509_crl_file/mem.
4082 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4084 * lib/gnutls_x509.c: simplified
4085 gnutls_certificate_set_x509_trust_file/mem.
4087 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4089 * lib/x509/verify-high2.c: use gnutls_strdup
4091 2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4095 2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4097 * tests/Makefile.am: mini-record-2 moved to front.
4099 2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
4101 * lib/crypto-selftests-pk.c: removed debugging
4103 2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
4105 * lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
4106 PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
4107 and distrust (blacklists).
4109 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4111 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
4112 lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()
4114 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4116 * lib/pkcs11.c: more sensible names in find data private structures.
4118 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4122 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4124 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
4125 gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
4126 GNUTLS_PKCS11_ISSUER_ANY is not specified.
4128 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4132 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4134 * lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
4135 lib/pkcs11_write.c: unified PKCS#11 debug messages
4137 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4139 * configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
4140 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
4141 Updated PKCS #11 support for
4142 gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
4143 importing all CAs. That way it allows verification on the spot
4144 without requiring the gnutls to restart in case of a blacklisted CA.
4146 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
4150 2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4152 * src/p11tool-args.def: Added documentation for force autogen to
4153 generate correct texinfo code.
4155 2013-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4159 2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4163 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4165 * tests/resume-dtls.c, tests/resume.c: resume tests will not block
4168 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4170 * lib/gnutls_global.c: moved constructor definitions to macros to
4171 allow easier extensions to other systems.
4173 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4175 * tests/rng-fork.c: perform the iteration check on both rngs.
4177 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4179 * tests/suppressions.valgrind: Add suppression for nettle's memxor3
4181 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4185 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4187 * tests/mini-dtls-record.c: updated
4189 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4191 * lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
4192 the current size of the client hello.
4194 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4196 * lib/ext/dumbfw.c: doc update
4198 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4200 * lib/ext/dumbfw.c: do not pad when the client hello size is
4203 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4205 * lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
4206 padding if the hello data are already too long.
4208 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4210 * lib/Makefile.am: export only xssl symbols; small patch by Andreas
4213 2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
4215 * src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
4216 glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
4218 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4220 * lib/nettle/pk.c: limit the size of the DH exponent
4222 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4224 * lib/nettle/pk.c: unified constants
4226 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4228 * tests/fips-test.c: Do not run the fips-test when not in fips mode
4230 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4232 * lib/ext/session_ticket.c, lib/ext/status_request.c,
4233 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h:
4234 simplified gnutls_handshake_alloc
4236 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4238 * lib/pkcs11_write.c: do not specify a default class when searching
4239 for objects to delete This fixed issue when trying to delete all the keys in a token by
4240 using the token URL.
4242 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4244 * src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
4245 flag to force security office login to the card
4247 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4249 * src/pkcs11.c: updated txt
4251 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4253 * src/pkcs11.c: print warning when no token name is provided
4255 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4257 * lib/x509/common.c: Added userPrincipalName
4259 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4261 * libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
4262 parameter is ignored.
4264 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4266 * src/cli.c: corrected key ID size check
4268 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4270 * configure.ac: Ported Alon's patch to correctly check for librt (et
4271 al.) This also makes clock_gettime() check independent of the FIPS140
4274 2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4276 * src/p11tool-args.def: Added aliases list-privkeys and list-keys
4278 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4280 * lib/system.c: undefine select as well in win32
4282 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4284 * tests/mini-dtls-large.c, tests/mini-dtls-record.c,
4285 tests/mini-handshake-timeout.c: corrected some tests to operate
4286 silently under valgrind
4288 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4290 * tests/mpi.c, tests/x509cert-tl.c: corrected leaks
4292 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4294 * lib/system.c: do not use the gnulib wrappers in win32
4296 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4298 * src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
4299 set the gnulib functions for recv and send.
4301 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4303 * lib/accelerated/x86/elf/cpuid-x86_64.s: updated
4305 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4307 * tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
4310 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4312 * tests/x509cert-tl.c: corrected check
4314 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4316 * lib/x509/verify-high.c: removed debugging
4318 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4320 * tests/pkcs12_s2k.c: corrected paths
4322 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4324 * lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
4325 pkcs11_get_random was renamed
4327 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4329 * lib/accelerated/x86/coff/aes-ssse3-x86.s,
4330 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
4331 lib/accelerated/x86/coff/aesni-x86.s,
4332 lib/accelerated/x86/coff/aesni-x86_64.s,
4333 lib/accelerated/x86/coff/cpuid-x86.s,
4334 lib/accelerated/x86/coff/cpuid-x86_64.s,
4335 lib/accelerated/x86/coff/e_padlock-x86.s,
4336 lib/accelerated/x86/coff/e_padlock-x86_64.s,
4337 lib/accelerated/x86/coff/ghash-x86_64.s,
4338 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
4339 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
4340 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
4341 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
4342 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
4343 lib/accelerated/x86/elf/aes-ssse3-x86.s,
4344 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
4345 lib/accelerated/x86/elf/aesni-x86_64.s,
4346 lib/accelerated/x86/elf/cpuid-x86_64.s,
4347 lib/accelerated/x86/elf/e_padlock-x86.s,
4348 lib/accelerated/x86/elf/e_padlock-x86_64.s,
4349 lib/accelerated/x86/elf/ghash-x86_64.s,
4350 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
4351 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
4352 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
4353 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
4354 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
4355 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
4356 lib/accelerated/x86/macosx/aesni-x86.s,
4357 lib/accelerated/x86/macosx/aesni-x86_64.s,
4358 lib/accelerated/x86/macosx/cpuid-x86.s,
4359 lib/accelerated/x86/macosx/cpuid-x86_64.s,
4360 lib/accelerated/x86/macosx/e_padlock-x86.s,
4361 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
4362 lib/accelerated/x86/macosx/ghash-x86_64.s,
4363 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
4364 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
4365 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
4366 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
4367 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
4370 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4372 * cfg.mk: correctly generate asm sources
4374 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4376 * cfg.mk: gnu note for stack only used in ELF
4378 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4380 * lib/accelerated/x86/coff/openssl-cpuid-x86.s,
4381 lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
4382 lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
4383 lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
4386 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4388 * lib/Makefile.am, lib/accelerated/Makefile.am,
4389 lib/accelerated/accelerated.c: Improved nettle check for
4390 registration of accelerated ciphers.
4392 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4394 * lib/accelerated/x86/Makefile.am: use the correct sources in win32
4397 2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4399 * lib/Makefile.am: simplified deps
4401 2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4403 * lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: lib/Makefile.am
4405 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
4407 * tests/suite/testdane: updated danetool
4409 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
4411 * lib/algorithms/ecc.c: changed default to 256R1
4413 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
4415 * src/serv-args.def: doc update
4417 2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4419 * lib/Makefile.am: the accelerated library is depending on nettle
4422 2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4424 * src/certtool-args.def: doc update
4426 2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
4428 * doc/cha-tokens.texi: updated to account the file format p11-kit
4431 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4435 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4437 * devel/openssl: restricted submodule to a specific version
4439 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4441 * .gitignore, cfg.mk: bootstrap will initialize the submodules
4443 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4445 * lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
4446 lib/accelerated/x86/coff/aesni-x86_64.s,
4447 lib/accelerated/x86/coff/e_padlock-x86_64.s,
4448 lib/accelerated/x86/coff/ghash-x86_64.s,
4449 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
4450 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
4451 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
4452 lib/accelerated/x86/elf/aesni-x86_64.s,
4453 lib/accelerated/x86/elf/e_padlock-x86_64.s,
4454 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
4455 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
4456 lib/accelerated/x86/macosx/aesni-x86_64.s,
4457 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
4458 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files
4460 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4462 * .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
4463 devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
4464 devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
4465 devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
4466 devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
4467 devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
4468 devel/perlasm/openssl-cpuid-x86.pl.license,
4469 devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
4470 devel/perlasm/sha1-ssse3-x86_64.pl,
4471 devel/perlasm/sha256-ssse3-x86.pl,
4472 devel/perlasm/sha512-ssse3-x86.pl,
4473 devel/perlasm/sha512-ssse3-x86_64.pl,
4474 devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
4475 devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
4476 devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
4479 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4483 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4485 * configure.ac, lib/system.c: Added configure option
4486 --with-default-blacklist-file. This option allows specifying a file containing blacklisted
4489 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4491 * lib/x509/verify-high.c, lib/x509/verify-high2.c:
4492 gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
4493 black list. When a CA or certificate is removed from the trusted list, it is
4494 also added in a blacklist to ensure that it will not be accepted due
4495 to interdependency (e.g., it is a subordinate CA), or because it is
4498 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4500 * lib/x509/verify-high2.c: Corrected documentation for
4501 gnutls_x509_trust_list_add_trust_*
4503 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4505 * lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
4506 in gnutls_pkcs11_reinit.
4508 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
4510 * lib/nettle/mac.c: Avoid verbose logging
4512 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4514 * lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h:
4515 use better definitions
4517 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4519 * tests/mini-cert-status.c: doc update
4521 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4525 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4527 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
4528 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
4529 lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
4530 lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
4531 boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers
4532 provided to crypto backend are ensured to be 16-byte aligned (except
4533 the ones provided by the user). That increases performance in
4534 several crypto accelerators.
4536 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4538 * tests/mini-dtls-large.c: updated to correspond to new fail()
4540 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4542 * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
4543 lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
4546 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4548 * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
4549 lib/accelerated/x86/aes-cbc-x86-aesni.c,
4550 lib/accelerated/x86/aes-cbc-x86-ssse3.c,
4551 lib/accelerated/x86/aes-gcm-padlock.c,
4552 lib/accelerated/x86/aes-gcm-x86-aesni.c,
4553 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
4554 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
4555 lib/accelerated/x86/aes-padlock.c,
4556 lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
4557 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
4558 lib/accelerated/x86/hmac-x86-ssse3.c,
4559 lib/accelerated/x86/sha-padlock.c,
4560 lib/accelerated/x86/sha-padlock.h,
4561 lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
4562 lib/accelerated/x86/x86-common.c: reorganized source files.
4564 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4566 * lib/accelerated/x86/Makefile.am,
4567 lib/accelerated/x86/aes-gcm-x86-aesni.c,
4568 lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
4569 AESNI is available without PCLMUL, then use AES-NI in GCM.
4571 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4573 * lib/accelerated/x86/aes-gcm-padlock.c,
4574 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
4575 lib/accelerated/x86/aes-x86.c: addressed warning
4577 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4579 * lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
4582 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4584 * lib/accelerated/x86/Makefile.am,
4585 lib/accelerated/x86/hmac-x86-ssse3.c,
4586 lib/accelerated/x86/hmac-x86.c,
4587 lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c:
4588 use better names for files
4590 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4592 * lib/accelerated/x86/aes-gcm-padlock.c,
4593 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
4594 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
4595 lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
4596 lib/accelerated/x86/hmac-padlock.c: zeroize keys
4598 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4600 * lib/accelerated/x86/Makefile.am,
4601 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
4602 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
4603 lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
4604 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
4605 lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
4606 PCLMUL isn't available use the SSSE3 implementation of AES to
4609 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4611 * src/benchmark-tls.c: removed UMAC ciphersuites from benchmark
4613 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4615 * src/benchmark-tls.c: removed the estream ciphersuites from
4618 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4620 * cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
4621 devel/perlasm/aes-ssse3-x86.pl.license,
4622 devel/perlasm/aes-ssse3-x86_64.pl,
4623 devel/perlasm/aes-ssse3-x86_64.pl.license,
4624 devel/perlasm/aesni-x86.pl.license,
4625 devel/perlasm/aesni-x86_64.pl.license,
4626 devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
4627 devel/perlasm/cpuid-x86_64.pl.license,
4628 devel/perlasm/e_padlock-x86.pl.license,
4629 devel/perlasm/e_padlock-x86_64.pl.license,
4630 devel/perlasm/ghash-x86.pl.license,
4631 devel/perlasm/ghash-x86_64.pl.license,
4632 devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
4633 devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
4634 devel/perlasm/openssl-cpuid-x86.pl.license,
4635 devel/perlasm/ppc-xlate.pl.license,
4636 devel/perlasm/sha1-ssse3-x86.pl.license,
4637 devel/perlasm/sha1-ssse3-x86_64.pl.license,
4638 devel/perlasm/sha256-ssse3-x86.pl.license,
4639 devel/perlasm/sha512-ssse3-x86.pl.license,
4640 devel/perlasm/sha512-ssse3-x86_64.pl.license,
4641 lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
4642 lib/accelerated/x86/coff/aes-ssse3-x86.s,
4643 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
4644 lib/accelerated/x86/coff/aesni-x86.s,
4645 lib/accelerated/x86/coff/aesni-x86_64.s,
4646 lib/accelerated/x86/coff/cpuid-x86.s,
4647 lib/accelerated/x86/coff/cpuid-x86_64.s,
4648 lib/accelerated/x86/coff/e_padlock-x86.s,
4649 lib/accelerated/x86/coff/e_padlock-x86_64.s,
4650 lib/accelerated/x86/coff/ghash-x86_64.s,
4651 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
4652 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
4653 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
4654 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
4655 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
4656 lib/accelerated/x86/elf/aes-ssse3-x86.s,
4657 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
4658 lib/accelerated/x86/elf/aesni-x86.s,
4659 lib/accelerated/x86/elf/aesni-x86_64.s,
4660 lib/accelerated/x86/elf/cpuid-x86.s,
4661 lib/accelerated/x86/elf/cpuid-x86_64.s,
4662 lib/accelerated/x86/elf/e_padlock-x86.s,
4663 lib/accelerated/x86/elf/e_padlock-x86_64.s,
4664 lib/accelerated/x86/elf/ghash-x86_64.s,
4665 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
4666 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
4667 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
4668 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
4669 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
4670 lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
4671 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
4672 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
4673 lib/accelerated/x86/macosx/aesni-x86.s,
4674 lib/accelerated/x86/macosx/aesni-x86_64.s,
4675 lib/accelerated/x86/macosx/cpuid-x86.s,
4676 lib/accelerated/x86/macosx/cpuid-x86_64.s,
4677 lib/accelerated/x86/macosx/e_padlock-x86.s,
4678 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
4679 lib/accelerated/x86/macosx/ghash-x86_64.s,
4680 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
4681 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
4682 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
4683 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
4684 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
4685 Hamburg's SSSE3 AES implementation.
4687 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4689 * doc/Makefile.am, doc/manpages/Makefile.am: doc update
4691 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4693 * cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
4694 devel/perlasm/sha1-ssse3-x86.pl,
4695 devel/perlasm/sha1-ssse3-x86_64.pl,
4696 devel/perlasm/sha256-ssse3-x86.pl,
4697 devel/perlasm/sha512-ssse3-x86.pl,
4698 devel/perlasm/sha512-ssse3-x86_64.pl,
4699 lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
4700 lib/accelerated/x86/aes-x86.c,
4701 lib/accelerated/x86/coff/aesni-x86.s,
4702 lib/accelerated/x86/coff/aesni-x86_64.s,
4703 lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
4704 lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
4705 lib/accelerated/x86/coff/appro-aes-x86-coff.s,
4706 lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
4707 lib/accelerated/x86/coff/cpuid-x86-coff.s,
4708 lib/accelerated/x86/coff/cpuid-x86.s,
4709 lib/accelerated/x86/coff/cpuid-x86_64.s,
4710 lib/accelerated/x86/coff/e_padlock-x86.s,
4711 lib/accelerated/x86/coff/e_padlock-x86_64.s,
4712 lib/accelerated/x86/coff/ghash-x86_64.s,
4713 lib/accelerated/x86/coff/openssl-cpuid-x86.s,
4714 lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
4715 lib/accelerated/x86/coff/padlock-x86-64-coff.s,
4716 lib/accelerated/x86/coff/padlock-x86-coff.s,
4717 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
4718 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
4719 lib/accelerated/x86/coff/sha256-avx-x86_64.s,
4720 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
4721 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
4722 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
4723 lib/accelerated/x86/elf/aesni-x86.s,
4724 lib/accelerated/x86/elf/aesni-x86_64.s,
4725 lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
4726 lib/accelerated/x86/elf/appro-aes-x86-64.s,
4727 lib/accelerated/x86/elf/appro-aes-x86.s,
4728 lib/accelerated/x86/elf/cpuid-x86-64.s,
4729 lib/accelerated/x86/elf/cpuid-x86_64.s,
4730 lib/accelerated/x86/elf/e_padlock-x86.s,
4731 lib/accelerated/x86/elf/e_padlock-x86_64.s,
4732 lib/accelerated/x86/elf/ghash-x86_64.s,
4733 lib/accelerated/x86/elf/padlock-x86-64.s,
4734 lib/accelerated/x86/elf/padlock-x86.s,
4735 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
4736 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
4737 lib/accelerated/x86/elf/sha256-avx-x86_64.s,
4738 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
4739 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
4740 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
4741 lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
4742 lib/accelerated/x86/macosx/aesni-x86.s,
4743 lib/accelerated/x86/macosx/aesni-x86_64.s,
4744 lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
4745 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
4746 lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
4747 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
4748 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
4749 lib/accelerated/x86/macosx/cpuid-x86.s,
4750 lib/accelerated/x86/macosx/cpuid-x86_64.s,
4751 lib/accelerated/x86/macosx/e_padlock-x86.s,
4752 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
4753 lib/accelerated/x86/macosx/ghash-x86_64.s,
4754 lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
4755 lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
4756 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
4757 lib/accelerated/x86/macosx/padlock-x86-macosx.s,
4758 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
4759 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
4760 lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
4761 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
4762 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
4763 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
4764 lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
4765 lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
4768 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4770 * lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
4771 Utilize the optimized SHA functions in Padlock HMAC.
4773 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4775 * src/Makefile.am: use a single BUILT_SOURCES
4777 2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
4779 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
4780 doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
4781 lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
4782 minor phrasing improvements in docs
4784 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4786 * src/Makefile.am: Added auto-generated files in BUILT_SOURCES
4788 2013-12-13 Jared Wong <jaredlwong@gmail.com>
4790 * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
4791 line_size. All checks were being done where the line_size check was done last.
4792 This allows data to be read from one past the end of the line
4793 buffer. In C, accessing data outside of an array is undefined
4794 behavior and may cause yet known problems. Additionally, the
4795 compiler may end up making some unreasonable assumptions under the
4796 pretense that the programmer is never wrong and would not access
4797 data outside of the array.
4799 2013-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
4801 * src/libopts/m4/libopts.m4: Avoid conditional generation of
4804 2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
4806 * lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
4809 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4813 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4815 * lib/libgnutls.map: exported function
4817 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4819 * lib/gnutls_buffers.c, lib/gnutls_record.c,
4820 lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
4822 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4824 * Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
4825 gnu-ism in Makefiles
4827 2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4829 * lib/gnutls_global.c: simplified logic
4831 2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4833 * lib/fips.c: Correctly detect the FIPS140-2 HMAC file.
4835 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4837 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
4838 lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
4839 exported pkcs11 functions initialize PKCS #11.
4841 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4843 * lib/pkcs11.c: fixes in PKCS #11 initialization
4845 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4847 * lib/gnutls_handshake.c: provide imprecise time as gmt time.
4849 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4851 * lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
4852 auto-reinitialization.
4854 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4856 * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
4857 fully initialize the PKCS #11 subsystem only when it is needed.
4859 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4861 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
4862 lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
4863 lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the
4864 full library if the system is not in FIPS mode.
4866 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4868 * .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
4869 check to verify that gnutls_global_init() is run on the library
4872 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4874 * tests/global-init.c: converted to a simple check for
4875 gnutls_global_init() as gnutls_global_init2() will not be added.
4877 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4879 * lib/pkcs11.c: call p11_kit_modules_load() with null argument.
4881 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4883 * configure.ac: only use LT_INIT
4885 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4889 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4891 * configure.ac: disable static library build by default
4893 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4895 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
4896 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
4897 gnutls_global_init2() is no longer exported.
4899 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4901 * NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update
4903 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4905 * lib/pkcs11.c: Added automatic reinitialization on fork() on the
4908 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4910 * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
4911 lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
4914 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4918 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4920 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
4921 lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
4922 Use a DRBG-AES to generate nonces rather than the yarrow RNG.
4924 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4926 * lib/nettle/rnd-fips.c: getpid() is conditionally used.
4928 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4930 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
4931 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
4932 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
4933 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
4934 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
4935 auto-generated files
4937 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4939 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
4940 tests/fips-test.c: removed zombie mode, and no longer use fips140.h
4942 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4944 * lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
4945 lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
4948 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4950 * lib/fips.c: simplified func
4952 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4954 * lib/crypto-api.c, lib/nettle/pk.c: corrected macros
4956 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4958 * tests/rng-fork.c: Check whether the RNG can perform many
4959 iterations without error.
4961 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4963 * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
4964 lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
4965 exceed a number of iterations.
4967 2013-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4969 * lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
4970 mutex to avoid any side-effects.
4972 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4974 * lib/locks.h: re-initialize a deleted statically initialized mutex
4976 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4980 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4982 * lib/nettle/pk.c: Added hack for nettle's checks.
4984 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4986 * lib/algorithms/secparams.c: adjusted parameters in normal level
4987 for DSA to match nettle's abilities.
4989 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4991 * src/certtool.c: added newlines in error reporting
4993 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4995 * lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
4996 tests when used from slow/cipher-test
4998 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5002 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5004 * tests/global-init.c: updated test for the universal lib
5007 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5009 * lib/gnutls_global.c: removed deadlock from gnutls_global.c
5011 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5013 * lib/fips.c, lib/gnutls_global.c: constructor and destructors were
5014 moved outside the FIPS140 mode.
5016 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5018 * tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
5019 when not in FIPS140 mode.
5021 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5023 * lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c:
5024 fips140_simulate_error -> lib_simulate_error
5026 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5028 * lib/algorithms/secparams.c: adjusted subgroup bits to be
5029 compatible with DSA requirements.
5031 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5033 * lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
5034 lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
5035 lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
5036 lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
5037 lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
5038 library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even
5039 when not in FIPS mode.
5041 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5043 * : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c
5045 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5047 * cross.mk: updated cross.mk
5049 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5051 * src/common.c: removed usage of %zu.
5053 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5055 * tests/mini-overhead.c: updated mini-overhead to account for the
5056 removal of salsa20+umac
5058 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5060 * lib/system.h: Detect the presence of posix locks even without
5061 being linked to libpthread.
5063 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5065 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
5068 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5070 * configure.ac: remove bashism.
5072 2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5074 * doc/cha-tokens.texi: doc update
5076 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5078 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
5080 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5082 * doc/reference/gnutls-docs.sgml: updated links in reference.
5085 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5087 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
5089 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5091 * doc/reference/gnutls-docs.sgml: updated links in reference.
5094 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5096 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
5097 updated addresses and URLs. Reported by Nico R.
5099 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5101 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
5102 updated addresses and URLs. Reported by Nico R.
5104 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5106 * lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
5107 *structors to fips.c
5109 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5111 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
5114 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5116 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
5119 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5121 * lib/crypto-selftests-pk.c: Added ECDH known answer test.
5123 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5125 * lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
5126 Diffie-Hellman key exchange.
5128 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5130 * lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
5133 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5135 * lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c:
5136 compacted DH support files.
5138 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5140 * lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
5141 they are not needed.
5143 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5145 * lib/x509/privkey.c: When checking the generated DSA params make
5146 sure that the data to be signed have the proper size.
5148 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5150 * lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
5151 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
5152 lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
5153 lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
5154 exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
5155 functions. This allows handling DH key generation in the crypto backend files.
5157 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5159 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
5161 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5163 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
5165 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5167 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
5168 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
5169 DRBG-AES generator by using a counter (with an arbitrary initial
5172 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5174 * lib/x509/privkey.c: Added pairwise consistency test on key
5177 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5179 * lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero
5181 2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5183 * doc/certtool.cfg: updated example certtool.cfg
5185 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5187 * lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
5188 a compiler optimizing out calls.
5190 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5192 * lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
5193 DH and DSA key q size.
5195 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5197 * lib/algorithms/secparams.c: corrected params for ULTRA level
5199 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5203 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5205 * tests/mini-record-2.c: Re-run receiving tests on server side, to
5206 allow any valgrind errors to propagate to exit code.
5208 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5210 * lib/fips.c: Perform an integrity check on all supporting libraries
5212 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5214 * src/certtool.c: In FIPS mode the default cipher is AES.
5216 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5218 * configure.ac: Do not link gnutls against librt unless it is
5221 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5223 * configure.ac: checks FIPS-140 lib requirements, moved after
5224 clock_gettime() is checked for.
5226 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5228 * lib/opencdk/armor.c: removed unused function
5230 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5232 * lib/opencdk/pubkey.c: removed unused variable
5234 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5236 * lib/crypto-selftests-pk.c, tests/mini-xssl.c,
5237 tests/pkcs12_simple.c: Skip tests that require the non-suiteb
5240 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5242 * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h:
5243 _gnutls_privkey_decode_ecc_key() returns integers as error code to
5244 distinguish error conditions.
5246 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5248 * configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
5249 to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
5252 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5256 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5258 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
5259 lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
5260 lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
5261 lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
5262 tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
5263 parameter generator.
5265 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5267 * lib/nettle/rnd-fips.c: removed unneeded newlines
5269 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5271 * .gitignore: more files ignored
5273 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5275 * configure.ac, lib/nettle/Makefile.am, lib/nettle/gcm-camellia.c,
5276 lib/nettle/gcm-camellia.h, lib/nettle/int/drbg-aes-self-test.c,
5277 lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
5278 lib/nettle/int/gcm-camellia.c, lib/nettle/int/gcm-camellia.h,
5279 lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls.
5281 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5283 * tests/mini-record-2.c: Added deflate compression tests with
5284 AES-GCM in order to be tested in FIPS mode.
5286 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
5288 * lib/crypto-api.c: corrected comparison
5290 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5292 * lib/crypto-api.c: Allow MD5 hash in zombie mode
5294 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5296 * lib/gnutls_errors.h: fixed bug
5298 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5300 * tests/Makefile.am: don't run openssl (md5) when in fips mode
5302 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5304 * lib/fips.c, tests/fips-test.c: separate zombie mode from
5305 operational fips mode
5307 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5309 * tests/fips-test.c: modified to account for zombie mode
5311 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5313 * lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
5316 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5318 * lib/x509/privkey_openssl.c: beautified table
5320 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5322 * NEWS: added new functions
5324 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5326 * lib/crypto-selftests-pk.c: eliminated memory leak on PK self
5329 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5331 * lib/gnutls_errors.c, lib/gnutls_global.c,
5332 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
5333 lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c:
5334 Added gnutls_global_init2(). This allows initializing gnutls in a
5335 constructor in FIPS140 mode
5337 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5339 * lib/fips.c: Added an audit message in self test failure
5341 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5343 * lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
5346 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5348 * lib/fips.c: binary integrity self test moved to end
5350 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5352 * lib/gnutls_errors.h: simplified debugging levels.
5354 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5356 * lib/x509_b64.c: silence some errors
5358 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5360 * lib/nettle/rnd-fips.c: updated
5362 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5364 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c:
5365 Better handling of FIPS140-2 initialization
5367 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5369 * lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
5370 lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to
5371 determine which curves are available.
5373 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5375 * lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c:
5376 gnutls_key_generate() is restricted by the size of the initial RNG
5377 seed in FIPS140-2 mode.
5379 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5381 * lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
5384 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5386 * lib/nettle/pk.c: when using the rng() with a void option use the
5387 FIPS state to indicate errors.
5389 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5391 * tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
5392 tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
5393 tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c:
5394 Restrict the number of tests run on FIPS140-2 mode.
5396 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
5398 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
5399 lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
5400 lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
5401 FIPS140-2 mode disable non-conformant ciphers, MAC and hash
5404 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5406 * lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c:
5407 Use nettle for the generation of DH group parameters.
5409 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5411 * lib/nettle/pk.c: no need to memset. It should have been
5414 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5416 * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
5417 tests/cert-tests/ca-no-pathlen.pem,
5418 tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
5419 not involve the security level into the certificate comparisons.
5421 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5423 * lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
5424 lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
5425 pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and
5428 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5430 * lib/algorithms/secparams.c: restricted combinations of security
5431 parameters in FIPS mode.
5433 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5435 * lib/nettle/rnd-fips.c: removed the initialized static variable.
5437 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5439 * lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
5440 lib/nettle/rnd-fips.c: Corrected _rnd_get_event().
5442 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5444 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
5445 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
5446 lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c:
5447 Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
5450 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
5452 * tests/rng-fork.c: In rng_fork test all random generators.
5454 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
5456 * lib/nettle/rnd-fips.c: comments updated to conform to the modified
5459 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
5461 * lib/nettle/rnd-fips.c: removed external test functions
5463 2013-11-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
5465 * .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
5466 lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
5467 lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
5468 libgcrypt's AES-based DRBG.
5470 2013-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
5472 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
5473 lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
5476 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5478 * lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
5479 lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
5482 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5484 * lib/x509/privkey_pkcs8.c: corrected typo
5486 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5488 * lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
5489 lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
5492 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5494 * lib/x509/privkey_openssl.c: more keys are zeroized
5496 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5498 * m4/hooks.m4: require libtasn1 3.4
5500 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5502 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
5503 lib/minitasn1/element.c, lib/minitasn1/element.h,
5504 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
5505 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
5506 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
5507 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
5508 lib/minitasn1/version.c: updated libtasn1 version
5510 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5512 * lib/nettle/pk.c: use the most appropriate nettle function
5514 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5516 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
5517 lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
5518 lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
5519 lib/x509/privkey_pkcs8.c: better naming for free_datum functions.
5521 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5523 * lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
5524 lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
5525 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
5526 buffers of private keys.
5528 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
5530 * lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
5531 ECC secret scalars and points.
5533 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5535 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
5536 lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
5537 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
5538 lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
5539 lib/nettle/mac.c: Added zeroization of keys in several parts within
5542 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5544 * lib/gnutls_dh.c: doc update
5546 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5548 * lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
5551 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5553 * lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
5554 _gnutls_mpi_release()
5556 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5558 * NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
5559 lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
5560 lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
5561 tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
5562 and added a self test for it.
5564 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
5566 * lib/fips.c, lib/fips.h: Added binary integrity test
5568 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
5570 * configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
5571 lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
5572 lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
5573 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
5574 lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
5575 lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
5576 lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
5577 for fips states. This implies that when in FIPS mode and the library is not in
5578 operational state (i.e., all self checks succeeded), crypto
5579 functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
5581 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
5583 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
5584 tests/slow/cipher-test.c: indented code
5586 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
5590 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5592 * configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
5593 tests/slow/cipher-test.c: Self checks are conditionally included in
5596 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5598 * lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
5601 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5603 * lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
5604 specifying an explicit curve.
5606 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5608 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
5609 lib/libgnutls.map: Added gnutls_privkey_generate().
5611 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5613 * lib/Makefile.am, lib/crypto-selftests-pk.c,
5614 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
5615 tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
5618 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5620 * lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
5621 tests/slow/cipher-test.c: Added option to run all available self
5622 tests per category in a single run.
5624 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
5626 * lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
5627 self-tests by adding digest and MAC tests.
5629 2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5631 * lib/Makefile.am, lib/crypto-selftests.c,
5632 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
5633 tests/slow/cipher-test.c: Added self tests
5635 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5637 * configure.ac: check for alternative unbound root key files.
5639 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5641 * lib/debug.c: increased buffers
5643 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5645 * lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
5646 lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
5647 lib/accelerated/x86/coff/padlock-x86-64-coff.s,
5648 lib/accelerated/x86/coff/padlock-x86-coff.s,
5649 lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
5650 lib/accelerated/x86/elf/appro-aes-x86-64.s,
5651 lib/accelerated/x86/elf/padlock-x86-64.s,
5652 lib/accelerated/x86/elf/padlock-x86.s,
5653 lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
5654 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
5655 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
5656 lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
5657 auto-generated asm files. This fixes a valgrind complaint when
5660 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5662 * devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
5663 devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
5664 devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
5665 devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
5666 devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
5667 devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
5668 devel/perlasm/x86nasm.pl: updated perlasm files
5670 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5672 * configure.ac, lib/Makefile.am: Do not link gnutls against librt
5673 unless it is really necessary. Conflicts: configure.ac lib/Makefile.am
5675 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5677 * lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites
5679 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5681 * .gitignore: more files to ignore
5683 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5685 * configure.ac: updated e-mail address
5687 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5689 * doc/manpages/Makefile.am: use $shell()
5691 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5693 * Makefile.am, src/args-std.def: handle centrally more variables
5695 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5697 * configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
5698 manpage generation (and information stored to it).
5700 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5702 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
5703 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
5704 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
5705 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
5706 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
5707 auto-generated doc files.
5709 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5711 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
5712 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
5713 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
5714 doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c:
5715 certtool's --verify option if not supplied with a CA list, will use
5716 the system's CA list.
5718 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5720 * lib/includes/gnutls/x509.h: cast the expiration time to time_t
5722 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5724 * lib/x509/x509_write.c: doc update
5726 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5728 * lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
5729 for the 'no well defined' expiration time.
5731 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5733 * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
5734 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
5735 gl/tests/Makefile.am, gl/tests/strerror-override.c,
5736 gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
5739 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5741 * lib/nettle/egd.c: better use of errno
5743 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5745 * doc/latex/epub.tex, doc/latex/gnutls.tex,
5746 doc/scripts/mytexi2latex: use eurosym package for euro symbol
5748 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5750 * configure.ac: Corrected check of usage of local libopts when
5751 autogen isn't present
5753 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5755 * tests/cert-tests/Makefile.am,
5756 tests/cert-tests/template-dn-err.tmpl,
5757 tests/cert-tests/template-test: Verify failure of DN parsing in a
5760 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5762 * lib/gnutls_compress.c: disallow any compression in DTLS
5764 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5766 * tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
5767 mini-deflate was combined with mini-record-2
5769 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5771 * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
5772 lib/gnutls_record.h: Corrected bug which affected compressed
5773 records. Less space was provided for decryption than the required causing
5774 disconnection issues when compression was used. The issue was
5775 pointed by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
5776 max_decrypted_size() and max_record_recv_size().
5778 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5780 * lib/ext/session_ticket.c: check return code of gnutls_rnd().
5782 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5784 * lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
5787 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5789 * cross.mk: updated cross.mk
5791 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5793 * lib/system.c: fixed for win32
5795 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5797 * lib/gnutls_buffers.c: added assert to trace errors.
5799 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5803 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5805 * src/Makefile.am: link all programs with libgnu_gpl to avoid
5806 conflicts from header files.
5808 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5810 * src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
5811 src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
5812 Added progname module which is used by error().
5814 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5816 * src/socket.c: safer usage of strerror
5818 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5820 * doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
5822 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5824 * src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
5827 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5829 * src/Makefile.am: corrected libopts patch
5831 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5833 * src/gl/error.c: removed unneeded line
5835 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5837 * .gitignore: ignore xssl manpages
5839 2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5841 * lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
5844 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5846 * Makefile.am: generate ChangeLog after doc/ is checked.
5848 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5850 * doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
5852 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5854 * doc/scripts/getfuncs.pl: made more clever to ignore inline
5857 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5859 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
5860 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
5861 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
5862 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
5863 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
5864 auto-generated files
5866 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5868 * doc/cha-gtls-app.texi: doc update
5870 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5872 * lib/libgnutls.map: exported gnutls_est_record_overhead_size
5874 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5876 * lib/gnutls_global.c: do not add newline (it's already in the
5879 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5881 * lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
5882 function is not updated if it is already set.
5884 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5886 * doc/cha-gtls-app.texi: doc update
5888 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5892 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5894 * configure.ac: bumped version
5896 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5898 * cfg.mk: updated glimport
5900 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5902 * cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
5903 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
5904 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
5905 doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
5907 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5909 * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
5910 tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
5911 Added self checks for new date reading functionality
5913 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5915 * .gitignore, src/Makefile.am, src/certtool-args.def,
5916 src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
5917 activation_date and expiration_date options to certtool template
5920 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5922 * .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
5923 src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
5924 src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
5925 src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
5926 src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
5927 src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
5928 src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
5929 src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
5930 src/gl/m4/error.m4, src/gl/m4/extensions.m4,
5931 src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
5932 src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
5933 src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
5934 src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
5935 src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
5936 src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
5937 src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
5938 src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
5939 src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
5940 src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
5941 src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
5942 src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
5943 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
5944 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
5945 src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
5946 src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
5947 src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
5948 src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
5949 src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
5950 src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
5951 src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
5952 src/gl/strerror-override.c, src/gl/strerror-override.h,
5953 src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
5954 src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
5955 src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
5956 src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
5957 src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
5958 src/gl/xmalloc.c: Added a gnulib with GPL components for use by
5961 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5963 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
5964 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
5965 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
5966 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
5967 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
5968 corrected bug reporting address.
5970 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5972 * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
5973 for overflows when setting time and allow a time of -1.
5975 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5977 * lib/x509/common.c, tests/cert-tests/Makefile.am,
5978 tests/cert-tests/template-overflow.pem,
5979 tests/cert-tests/template-overflow.tmpl,
5980 tests/cert-tests/template-overflow2.pem,
5981 tests/cert-tests/template-overflow2.tmpl,
5982 tests/cert-tests/template-test: Dates and time that would overflow
5983 the GeneralTime are also truncated. We may need to revise that
5986 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5988 * doc/Makefile.am, doc/invoke-certtool.texi,
5989 doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
5990 doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
5991 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
5992 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
5993 doc/invoke-tpmtool.texi: force serialized generation of
5994 invoke-*texi, to avoid autogen issue.
5996 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5998 * lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
5999 (time_t)-1 will set to the no well-defined expiration date value.
6001 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6003 * lib/gnutls_handshake.c: correctly set the ciphersuite when the
6004 set_premaster interface is used.
6006 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6008 * lib/gnutls_state.c: check for a valid blocksize prior to entering
6011 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6013 * lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
6014 if set to a number will enable logging to stderr.
6016 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6018 * tests/suite/testcompat, tests/suite/testcompat-main: corrected
6019 issue with a not-yet-valid certificate
6021 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6023 * src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
6026 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6028 * src/serv.c: simplified function
6030 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6032 * tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
6033 with fedora's openssl
6035 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6037 * configure.ac: print whether the local libopts or libtasn1 are
6040 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6042 * gl/Makefile.am, gl/base64.c, gl/intprops.h,
6043 gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
6044 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
6045 maint.mk: Added intprops module (which is needed by newer libtasn1
6048 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
6050 * lib/gnutls_int.h: use the bool expression instead of unsigned
6053 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
6055 * lib/gnutls_global.c: doc update
6057 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
6059 * lib/system.h: define GNUTLS_PATH_MAX globally.
6061 2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6063 * lib/gnutls_x509.c: doc update
6065 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6067 * tests/suite/testcompat: do not run on crippled versions of openssl
6069 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6071 * lib/x509/common.c, lib/x509/extensions.c: simplified functions.
6073 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6075 * tests/suite/ciphersuite/test-ciphers.js,
6076 tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
6079 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6081 * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
6082 lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
6083 lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
6086 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6088 * tests/utils.c: always exit when fail is called.
6090 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6092 * configure.ac: reduced the stack size warning size.
6094 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6096 * doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
6098 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6102 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6104 * NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
6105 lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
6106 lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
6107 string option. This works around issues when connecting behind some firewalls.
6109 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6111 * tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
6114 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6116 * doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
6118 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6120 * NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
of GNUTLS_PKCS11_PIN.

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: doc update

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-certs/ca-tmpl,
tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
tests/suite/pkcs11-certs/client-tmpl,
tests/suite/pkcs11-certs/client.crt,
tests/suite/pkcs11-certs/client.key,
tests/suite/pkcs11-certs/server-tmpl,
tests/suite/pkcs11-certs/server.crt,
tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
test suite for PKCS #11 cards (not executed automatically).

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
self-signed certificates present in the chain

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: simplified checks

2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
GNUTLS_PKCS11_PIN environment variable.

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
import the whole chain. This affects gnutls_certificate_set_x509_key_file*().

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
Added export-chain option to p11tool

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/gnutls_pubkey.c,
lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
lib/x509/x509.c: Improvements in PKCS #11 support. Added
gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
The latter function allows obtaining the issuer of a certificate
stored in a token. While traversing tokens, use the URL provided by
the user, to avoid looking for objects in unrelated tokens.

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: test before copy

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
function prototypes to account for the new indentation.

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: doc update

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
indentation in headers.

2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: distribute the autogen'erated files as
.bak and enable them only if local libopts is being used.

2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/alert-printlist.c, doc/common.c, doc/common.h,
doc/errcodes.c, doc/examples/ex-alert.c,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
doc/examples/ex-x509-info.c, doc/examples/examples.h,
doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c,
lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
lib/ext/server_name.h, lib/ext/session_ticket.c,
lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
lib/ext/status_request.c, lib/ext/status_request.h,
lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
lib/gnutls_compress.c, lib/gnutls_compress.h,
lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_session.c,
lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c, lib/minitasn1/structure.h,
lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high.c, lib/x509/verify-high.h,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
libdane/errors.c, libdane/includes/gnutls/dane.h,
src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool-common.c, src/certtool-common.h,
src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
src/common.c, src/common.h, src/crywrap/crywrap.c,
src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
tests/certder.c, tests/certificate_set_x509_crl.c,
tests/certuniqueid.c, tests/chainverify-unsorted.c,
tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
tests/cve-2008-4989.c, tests/cve-2009-1415.c,
tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
tests/mini-overhead.c, tests/mini-record-2.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
tests/mini-termination.c, tests/mini-x509-2.c,
tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
tests/openpgp-auth2.c, tests/openpgp-keyring.c,
tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
tests/suite/ecore/src/include/Eina.h,
tests/suite/ecore/src/include/eina_accessor.h,
tests/suite/ecore/src/include/eina_array.h,
tests/suite/ecore/src/include/eina_benchmark.h,
tests/suite/ecore/src/include/eina_binshare.h,
tests/suite/ecore/src/include/eina_config.h,
tests/suite/ecore/src/include/eina_convert.h,
tests/suite/ecore/src/include/eina_counter.h,
tests/suite/ecore/src/include/eina_cpu.h,
tests/suite/ecore/src/include/eina_error.h,
tests/suite/ecore/src/include/eina_file.h,
tests/suite/ecore/src/include/eina_fp.h,
tests/suite/ecore/src/include/eina_hamster.h,
tests/suite/ecore/src/include/eina_hash.h,
tests/suite/ecore/src/include/eina_inlist.h,
tests/suite/ecore/src/include/eina_iterator.h,
tests/suite/ecore/src/include/eina_lalloc.h,
tests/suite/ecore/src/include/eina_list.h,
tests/suite/ecore/src/include/eina_log.h,
tests/suite/ecore/src/include/eina_magic.h,
tests/suite/ecore/src/include/eina_main.h,
tests/suite/ecore/src/include/eina_matrixsparse.h,
tests/suite/ecore/src/include/eina_mempool.h,
tests/suite/ecore/src/include/eina_module.h,
tests/suite/ecore/src/include/eina_quadtree.h,
tests/suite/ecore/src/include/eina_rbtree.h,
tests/suite/ecore/src/include/eina_rectangle.h,
tests/suite/ecore/src/include/eina_safety_checks.h,
tests/suite/ecore/src/include/eina_sched.h,
tests/suite/ecore/src/include/eina_str.h,
tests/suite/ecore/src/include/eina_strbuf.h,
tests/suite/ecore/src/include/eina_stringshare.h,
tests/suite/ecore/src/include/eina_tiler.h,
tests/suite/ecore/src/include/eina_trash.h,
tests/suite/ecore/src/include/eina_types.h,
tests/suite/ecore/src/include/eina_unicode.h,
tests/suite/ecore/src/include/eina_ustrbuf.h,
tests/suite/ecore/src/include/eina_ustringshare.h,
tests/suite/ecore/src/lib/Ecore.h,
tests/suite/ecore/src/lib/Ecore_Getopt.h,
tests/suite/ecore/src/lib/ecore.c,
tests/suite/ecore/src/lib/ecore_anim.c,
tests/suite/ecore/src/lib/ecore_app.c,
tests/suite/ecore/src/lib/ecore_events.c,
tests/suite/ecore/src/lib/ecore_exe.c,
tests/suite/ecore/src/lib/ecore_getopt.c,
tests/suite/ecore/src/lib/ecore_glib.c,
tests/suite/ecore/src/lib/ecore_idle_enterer.c,
tests/suite/ecore/src/lib/ecore_idle_exiter.c,
tests/suite/ecore/src/lib/ecore_idler.c,
tests/suite/ecore/src/lib/ecore_job.c,
tests/suite/ecore/src/lib/ecore_main.c,
tests/suite/ecore/src/lib/ecore_pipe.c,
tests/suite/ecore/src/lib/ecore_poll.c,
tests/suite/ecore/src/lib/ecore_private.h,
tests/suite/ecore/src/lib/ecore_signal.c,
tests/suite/ecore/src/lib/ecore_thread.c,
tests/suite/ecore/src/lib/ecore_time.c,
tests/suite/ecore/src/lib/ecore_timer.c,
tests/suite/ecore/src/lib/eina_accessor.c,
tests/suite/ecore/src/lib/eina_array.c,
tests/suite/ecore/src/lib/eina_benchmark.c,
tests/suite/ecore/src/lib/eina_binshare.c,
tests/suite/ecore/src/lib/eina_chained_mempool.c,
tests/suite/ecore/src/lib/eina_convert.c,
tests/suite/ecore/src/lib/eina_counter.c,
tests/suite/ecore/src/lib/eina_cpu.c,
tests/suite/ecore/src/lib/eina_error.c,
tests/suite/ecore/src/lib/eina_file.c,
tests/suite/ecore/src/lib/eina_fp.c,
tests/suite/ecore/src/lib/eina_hamster.c,
tests/suite/ecore/src/lib/eina_hash.c,
tests/suite/ecore/src/lib/eina_inlist.c,
tests/suite/ecore/src/lib/eina_iterator.c,
tests/suite/ecore/src/lib/eina_lalloc.c,
tests/suite/ecore/src/lib/eina_list.c,
tests/suite/ecore/src/lib/eina_log.c,
tests/suite/ecore/src/lib/eina_magic.c,
tests/suite/ecore/src/lib/eina_main.c,
tests/suite/ecore/src/lib/eina_matrixsparse.c,
tests/suite/ecore/src/lib/eina_mempool.c,
tests/suite/ecore/src/lib/eina_module.c,
tests/suite/ecore/src/lib/eina_private.h,
tests/suite/ecore/src/lib/eina_quadtree.c,
tests/suite/ecore/src/lib/eina_rbtree.c,
tests/suite/ecore/src/lib/eina_rectangle.c,
tests/suite/ecore/src/lib/eina_safety_checks.c,
tests/suite/ecore/src/lib/eina_sched.c,
tests/suite/ecore/src/lib/eina_share_common.c,
tests/suite/ecore/src/lib/eina_share_common.h,
tests/suite/ecore/src/lib/eina_str.c,
tests/suite/ecore/src/lib/eina_strbuf.c,
tests/suite/ecore/src/lib/eina_strbuf_common.c,
tests/suite/ecore/src/lib/eina_strbuf_common.h,
tests/suite/ecore/src/lib/eina_stringshare.c,
tests/suite/ecore/src/lib/eina_tiler.c,
tests/suite/ecore/src/lib/eina_unicode.c,
tests/suite/ecore/src/lib/eina_ustrbuf.c,
tests/suite/ecore/src/lib/eina_ustringshare.c,
tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c:

2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: doc update

2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
gnutls_x509_privkey_generate() allow specifying an explicit curve.

2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: enable --outder for certtool
--dh-info
"certtool --dh-info --outder" produces PEM-encoded output without

2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c: enable --inder for
certtool --dh-info
certtool --dh-info is unable to read DER-encoded DH parameters

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: doc update

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: doc update

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use srcdir as prefix

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed unneeded command

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print the flags used for libopts

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: delete libopts generated files if system libopts is

2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h:
separated the TLS IV size and the cipher IV size.

2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, src/libopts/Makefile.am: fixes in libopts

2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that .def files will be re-read on the

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
src/libopts/compat/strchr.c, src/libopts/configfile.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: better logging

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: removed debugging info

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: do not set any default level

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Assign very weak level to priority string

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi: doc update

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore auto-generated files

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: removed autogenerated files

2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/Makefile.am: If autogen and libopts are present
then use the system's libopts.

2013-11-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/args-std.def, src/certtool-args.def, src/cli-args.def,
src/danetool-args.def, src/psk-args.def, src/srptool-args.def:
argument descriptions should not end in a dot
When the descrip value for an argument ends in a dot, the rendered
documentation places two dots (for example "specify a password
file.." in srptool(1)). Most of the descriptions are declared
properly (without a trailing dot), but this patch should clean up
the rest. After this commit, any auto-generated documentation that is
committed to git will probably also need to be refreshed (or
removed from git entirely and generated from the definitions during
build, which might be cleaner).

2013-11-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/tests.c: fix DHE parameter output for gnutls-cli-debug --verbose
gnutls_handshake() was failing during test_dhe_group, with an error
of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the
handshake so that DHE group details can be printed when requested.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c, tests/mini-deflate.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in

2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
a warning as it is the same as not setting it. Reported by Daniel

2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Do not print private key parameters when exporting
an encrypted private key.

2013-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.

2013-05-21 Stef Walter <stefw@redhat.com>
* configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs
Some of the older APIs were deprecated in order to support multiple
callers of the same PKCS#11 module correctly. This increases the
necessary p11-kit to 0.19.1 or later.

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated win32 makefile

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: win32 fix

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: include proper header file for uint8_t

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.6

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: corrected example

2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: debug_log -> record_log

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Duplicate messages moved from audit log to
debug log. There are networks where this is extremely common.

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi:
replaced ':' in anchor names (texinfo doesn't like it).

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified code

2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
gl/tests/macros.h, gl/tests/strerror-override.h,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Removed unused parameter.

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: Better DANE test output.

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: reindented code

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Reorganized main loop in dane_raw_tlsa

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: Added proper newlines to errors.

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update

2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: corrected typo

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am,
tests/suite/ciphersuite/README,
tests/suite/ciphersuite/registry-ciphers.js,
tests/suite/ciphersuite/registry-ciphers.xslt,
tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Added a proper termination of
session to avoid issues with premature termination.

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/dtls/Makefile.am: we now explicitly check for

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
tests/pkcs8-decode/Makefile.am,
tests/rsa-md5-collision/Makefile.am,
tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
tests/slow/Makefile.am, tests/srp/Makefile.am,
tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
environment in all tests

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: removed unneeded diff option

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/dane,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
a parameter allowing to override it.

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: LC_ALL is set to C to have predictable outputs

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: simplified test

2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6854 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6856 * lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
6859 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6861 * doc/invoke-p11tool.texi: p11tool text updated.
6863 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6865 * doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
6866 doc/examples/print-ciphersuites.c: removed warnings
6868 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6870 * src/cli.c: removed warnings
6872 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6874 * NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
6875 via trousers is now enabled by default.
6877 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6881 2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6883 * src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
6884 src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
6885 --generate-random to p11tool.
6887 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6889 * lib/algorithms/publickey.c, lib/algorithms/sign.c,
6890 lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.
6892 2013-10-24 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
6894 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
6895 lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
6896 tokens Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
6898 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6900 * lib/algorithms/publickey.c: Added new fallback OID for RSA
6903 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6905 * lib/algorithms/ciphersuites.c: Corrected number in
6906 GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
6907 this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
6908 by another ciphersuite in the same document.
6910 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6912 * lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
6915 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6919 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6921 * lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
6922 were renamed to ARCFOUR_128
6924 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6926 * NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
6927 GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
6928 GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.
6930 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6934 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6936 * lib/algorithms/secparams.c: Increased minimum acceptable DH key to
6939 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6941 * tests/priorities.c: updated priorities for new ciphersuites
6943 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6947 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6951 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6953 * lib/algorithms/ciphersuites.c: Added ciphersuite
6954 GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384
6956 2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6958 * tests/chainverify.c: Applied small patch by Jeremie
6959 Courreges-Anglas to avoid usage of error().
6961 2013-10-24 Alon Bar-Lev <alon.barlev@gmail.com>
6963 * src/cli.c: cli: add missing stdbool.h. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
6964 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6966 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6968 * lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
6969 or better to TLS1.0 or later.
6971 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6973 * lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
6974 the default priority levels, and prioritized GCM over CBC
6977 2013-10-23 Christian Grothoff <christian@grothoff.org>
6979 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
6980 DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
6981 entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized
6982 from a source other than libunbound/DNS, as then the DNSSEC root key
6983 would not be used anyway. Worse, if we failed to read the DNSSEC
6984 root key, this would create a failure even though for applications
6985 that do not use DNSSEC (but do use DANE/TLSA) such a failure would
6986 be totally harmless.
6988 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6990 * NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
6991 doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
6992 src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
6993 changes prior to release
6995 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6997 * tests/priorities.c: corrected ciphersuite numbers in priorities
6999 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7001 * libdane/dane.c: corrected libdane doc
7003 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7005 * lib/includes/gnutls/gnutls.h.in: Added description for umac
7007 2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7009 * m4/hooks.m4: bumped version
7011 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7013 * lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
7014 lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.
7016 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7020 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7022 * lib/algorithms/ciphersuites.c: rearrangement
7024 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7026 * lib/algorithms/ciphersuites.c: Removed the _WITH_ from
7029 2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7031 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
7032 lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
7033 lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
7034 lib/nettle/gcm-camellia.h: Added Camellia with GCM
7036 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7038 * lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
7039 ciphersuites from RFC6367.
7041 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7043 * lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
7044 ciphersuites from RFC6367.
7046 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7048 * lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
7049 RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
7050 GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
7051 GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
7052 GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
7053 GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
7054 GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
7055 GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
7056 GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.
7058 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7060 * lib/algorithms/ciphersuites.c: Added more ciphersuites from
7061 RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
7062 GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
7063 GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
7064 GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
7065 GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
7066 GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
7067 GNUTLS_RSA_PSK_NULL_SHA384.
7069 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7071 * lib/algorithms/ciphersuites.c: Added new ciphersuites from
7072 RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384,
7073 GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
7074 and GNUTLS_DH_ANON_AES_256_GCM_SHA384.
7076 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7080 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7082 * src/certtool-cfg.c: corrected type of path_len
7084 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7086 * libdane/libdane.map: exported symbols
7088 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7090 * NEWS, libdane/dane.c: small fixes
7092 2013-10-21 Christian Grothoff <christian@grothoff.org>
7094 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
7095 dane_verify_crt_raw to allow direct verification of a certificate
7096 chain against a dane_query_t (for example, as provided by the new
7097 dane_raw_tlsa). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7099 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7101 * m4/hooks.m4: bumped dane library version
7103 2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7107 2013-10-21 Christian Grothoff <christian@grothoff.org>
7109 * libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
7110 dane_raw_tlsa to allow initialization of dane_query_t from DANE
7111 records based on external DNS resolutions. Also fixing a buffer
7112 overflow. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7114 2013-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7116 * lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
7117 po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
7118 po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
7119 tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
7120 tests/cert-tests/ca-no-pathlen.pem,
7121 tests/cert-tests/complex-cert.pem,
7122 tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c:
7123 Normalize capitalization from "Public Key Id" to "Public Key ID". The GnuTLS codebase produced the string "Public Key Id" in some
7124 places (e.g. in the output of "certtool -i"), and "Public Key ID" in
7125 other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output
7126 consistent across uses. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7128 2013-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7130 * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
7131 gnutls_certificate_get_crt_raw() to return the raw certificate as
7132 present in the credentials structure.
7134 2013-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7136 * doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
7139 2013-10-09 Ludovic Courtès <ludo@gnu.org>
7141 * guile/modules/gnutls/build/priorities.scm, guile/src/core.c:
7142 guile: Fix possible stack overflows.
7144 2013-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7146 * doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
7147 src/srptool.c: Corrected possible buffer overruns in included
7148 programs and examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
7151 2013-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7153 * NEWS: corrected typo
7155 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7159 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7161 * doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h:
7162 autogen'ed files update
7164 2013-10-04 Attila Molnar <attilamolnar@hush.com>
7166 * src/srptool.c: Fix srptool issues. From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00
7167 2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
7168 2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when
7169 an invalid group parameter index is given. If no group with the given index was found in the password conf file
7170 srptool crashed instead of reporting the error because the return
7171 value of fgets() wasn't validated before it was passed to atoi(). Signed-off-by: Attila Molnar <attilamolnar@hush.com>
7173 2013-10-04 Attila Molnar <attilamolnar@hush.com>
7175 * src/srptool-args.def, src/srptool.c: Fix srptool issues. From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00
7176 2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
7177 2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to
7178 add users to tpasswd and broken -i switch. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
7180 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7182 * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
7183 src/cli-args.h: doc update
7185 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7189 2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7191 * doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h:
7192 autogen'ed files update
7194 2013-10-03 Raj Raman <rajramanca@gmail.com>
7196 * src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
7197 command infrastructure in gnutls-cli. Signed-off-by: Raj Raman <rajramanca@gmail.com>
7199 2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7201 * tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
7204 2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7206 * configure.ac, m4/hooks.m4: bumped version
7208 2013-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7210 * lib/tpm.c: include config.h in tpm.c
7212 2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7216 2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7218 * po/it.po.in: Sync with TP.
7220 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7224 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7226 * lib/algorithms/secparams.c: define subgroup bits for the weak and
7227 export parameters, to allow DH group generation.
7229 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7231 * doc/cha-gtls-app.texi: document the version macros
7233 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7235 * doc/cha-tokens.texi: doc update
7237 2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7239 * src/tests.c: verbose is everywhere unsigned
7241 2013-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7245 2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7247 * lib/x509/verify-high.c: removed limitation as this has been
7250 2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7252 * doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update
7254 2013-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7256 * doc/TODO: doc update
7258 2013-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7260 * lib/gnutls_cipher.c: doc update
7262 2013-09-15 Ludovic Courtès <ludo@gnu.org>
7264 * guile/src/Makefile.am: guile: Use intermediary files when
7267 2013-09-15 Ludovic Courtès <ludo@gnu.org>
7269 * guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler <ametzler@bebt.de>.
7271 2013-09-10 Tobias Polzer <tobias.polzer@fau.de>
7273 * lib/gnutls_srp.c: Fixed a typo in the documentation. Fixed a typo in the documentation for
7274 gnutls_srp_set_server_credentials_function. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7276 2013-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7278 * src/Makefile.am: libopts is linked prior to libgnu to solve issue
7279 in win32. Initial patch by Tomasz Gajewski.
7281 2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7283 * tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
7284 and gnutls_handshake_get_last_out() for correctness.
7286 2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7288 * src/tests.c: Ignore non-fatal handshake alerts.
7290 2013-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7292 * tests/suite/mini-record-timing.c: silence warning about return
7295 2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7297 * lib/gnutls_cipher_int.c: updates in record packet encoding.
7299 2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7301 * tests/mini-record-2.c: Test the null cipher as well.
7303 2013-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7305 * lib/gnutls_cipher.c: added comments
7307 2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7309 * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
7310 gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
7311 gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
7312 Revert "updated gnulib". This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.
7314 2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7316 * src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
7317 src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
7318 src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
7321 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7323 * tests/record-sizes.c: record-sizes can only work properly with a
7326 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7328 * lib/gnutls_int.h: corrected max_user_send_size() for DTLS.
7330 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7332 * tests/mini-record-2.c: test for excessive records being correctly
7335 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7337 * lib/gnutls_cipher.c, lib/gnutls_cipher.h,
7338 lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
7339 lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
7340 accepts the actual pad rather than the intended data. Corrections in
7341 sending records with %NEW_PADDING.
7343 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7345 * .gitignore: more files to ignore
7347 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7349 * gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
7350 gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
7351 gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
7354 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7356 * tests/suite/testdane: removed dane.nox.su from the good list
7358 2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7360 * lib/gnutls_global.c: explicitly initialize the log functions
7362 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7364 * tests/Makefile.am, tests/mini-record-2.c: Added test to send
7365 variable packet sizes.
7367 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7369 * lib/gnutls_priority.c: doc update
7371 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7373 * lib/gnutls_cipher.c: simplified pad calculation
7375 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7377 * doc/cha-shared-key.texi: mention RSA-PSK
7379 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7381 * lib/auth/rsa_psk.c: author update
7383 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7385 * lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c:
7386 Improvements in RSA-PSK.
7388 2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7390 * NEWS, m4/hooks.m4: released 3.2.4
7392 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7394 * lib/auth/Makefile.am: added missing file
7396 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7398 * lib/auth/rsa_psk.c: indented code
7400 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7404 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7406 * tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
7407 RSA-PSK key exchange.
7409 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7411 * lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
7412 lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c:
7413 Optimizations in RSA-PSK by removing unneeded code.
7415 2013-06-29 Frank Morgner <morgner@informatik.hu-berlin.de>
7417 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
7418 lib/algorithms/kx.c, lib/algorithms/publickey.c,
7419 lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
7420 lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
7421 lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
7422 lib/gnutls_int.h, lib/gnutls_state.c,
7423 lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK; revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0; original patch can be found in
7424 e3c245b951530a92fc610a130faf167a37461073
7425 f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20
7427 2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7429 * lib/gnutls_priority.c: arcfour is restored in the top of the
7430 performance priority.
7432 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7434 * tests/mini-cert-status.c: removed unused function
7436 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7438 * tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
7439 the correct operation of gnutls_certificate_server_set_request().
7441 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7445 2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7447 * lib/gnutls_int.h: Corrected
7448 gnutls_certificate_server_set_request().
7450 2013-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7452 * po/vi.po.in: Sync with TP.
7454 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7458 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7460 * tests/resume.c: Try 3 resumption attempts and try also session db
7463 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7465 * lib/gnutls_handshake.c: only register current session when not
7468 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7470 * lib/gnutls_db.c: do not duplicate tests for null.
7472 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7474 * src/serv.c: remove ifdefs for session tickets
7476 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7480 2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7482 * lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by
7485 2013-08-18 Stefan Bühler <stbuehler@web.de>
7487 * lib/algorithms/ciphersuites.c, tests/priorities.c: add some
7488 RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges
7490 2013-08-18 Stefan Bühler <stbuehler@web.de>
7492 * tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
7493 tests/mini-alpn.c, tests/mini-deflate.c,
7494 tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
7495 tests/mini-dtls-large.c, tests/mini-dtls-record.c,
7496 tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
7497 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
7498 tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
7499 tests/mini-loss-time.c, tests/mini-overhead.c,
7500 tests/mini-record-range.c, tests/mini-record.c,
7501 tests/mini-rehandshake.c, tests/mini-termination.c,
7502 tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
7503 tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
7504 tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
7505 tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
7506 tests/resume-dtls.c, tests/resume.c,
7507 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
7508 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
7509 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
7510 tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
7511 tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c:
7512 fix transport parameter casts in tests
7514 2013-08-24 Andreas Metzler <ametzler@downhill.at.eu.org>
7516 * tests/sha2/sha2: Clean up after test.
7518 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7520 * tests/cert-tests/pem-decoding: Corrected access of temp file.
7521 Reported by Thomas Witt.
7523 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7525 * doc/cha-gtls-app.texi: No longer recommend the use of RC4
7527 2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7529 * lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
7530 lib/gnutls_priority.c: AES-GCM is preferred always
7532 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7534 * configure.ac, m4/hooks.m4: bumped version
7536 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7538 * NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
7539 lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
7540 src/certtool.c, src/cli-debug.c, src/cli.c,
7541 src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
7542 src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
7543 src/srptool.c, src/tpmtool.c: included programs no longer depend on
7544 GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion
7547 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7549 * .gitignore: more files to ignore
7551 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7553 * cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
7554 gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
7555 gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
7556 gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
7557 gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
7558 gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
7559 gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
7560 gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
7561 gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
7562 gl/dirname.h, gl/dosname.h, gl/dup2.c, gl/errno.in.h, gl/error.c,
7563 gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h,
7564 gl/float.c, gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c,
7565 gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c,
7566 gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c,
7567 gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h,
7568 gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h,
7569 gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettimeofday.c,
7570 gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c,
7571 gl/inet_pton.c, gl/intprops.h, gl/isnan.c, gl/isnand-nolibm.h,
7572 gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
7573 gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c,
7574 gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
7575 gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
7576 gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
7577 gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
7578 gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
7579 gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
7580 gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
7581 gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
7582 gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
7583 gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
7584 gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
7585 gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
7586 gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
7587 gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
7588 gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
7589 gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
7590 gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
7591 gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
7592 gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
7593 gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
7594 gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
7595 gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
7596 gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
7597 gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
7598 gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
7599 gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
7600 gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
7601 gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
7602 gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
7603 gl/strchrnul.valgrind, gl/strdup.c, gl/strerror-override.c,
7604 gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
7605 gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
7606 gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
7607 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
7608 gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
7609 gl/tests/Makefile.am, gl/tests/dosname.h, gl/tests/fpucw.h,
7610 gl/tests/infinity.h, gl/tests/intprops.h, gl/tests/malloca.c,
7611 gl/tests/malloca.h, gl/tests/malloca.valgrind,
7612 gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
7613 gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c,
7614 gl/tests/strerror-override.c, gl/tests/strerror-override.h,
7615 gl/tests/strerror.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
7616 gl/tests/test-dirent.c, gl/tests/test-environ.c,
7617 gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
7618 gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
7619 gl/tests/test-fseterr.c, gl/tests/test-getopt.c,
7620 gl/tests/test-getopt.h, gl/tests/test-getopt_long.h,
7621 gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
7622 gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
7623 gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
7624 gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
7625 gl/tests/test-math.c, gl/tests/test-printf-frexp.c,
7626 gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h,
7627 gl/tests/test-printf-posix.output, gl/tests/test-rawmemchr.c,
7628 gl/tests/test-setenv.c, gl/tests/test-signbit.c,
7629 gl/tests/test-sleep.c, gl/tests/test-strchrnul.c,
7630 gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
7631 gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
7632 gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
7633 gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
7634 gl/tests/unsetenv.c, gl/time.in.h, gl/time_r.c, gl/u64.h,
7635 gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
7636 gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c,
7637 gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c,
7638 gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, src/certtool.c,
7639 src/cli-debug.c, src/cli.c, src/danetool.c, src/ocsptool-common.c,
7640 src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
7641 src/srptool.c, src/tpmtool.c: gnulib only contains lgplv2 modules
7643 2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7645 * po/de.po.in, po/vi.po.in: Sync with TP.
7647 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7649 * src/pkcs11.c: removed unused code
7651 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7653 * src/pkcs11.c: Do not try to parse arbitrary objects as
7656 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7658 * lib/gnutls_handshake.c: don't ignore errors when copying
7661 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7663 * doc/cha-gtls-app.texi: mention that new padding is currently a
7666 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7668 * configure.ac, src/libopts/makeshell.c: do not require localtime
7670 2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7672 * cross.mk: added mkdir
7674 2013-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7676 * lib/gnutls_constate.c: inverse check for cipher ok and priority.
7678 2013-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7680 * lib/gnutls_record.c: documented parameters
7682 2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7684 * lib/gnutls_priority.c: no need to keep separate priority lists for
7685 export ciphersuites (they are no longer available).
7687 2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7689 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
7690 priority string option.
7692 2013-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7694 * NEWS: released 3.2.3
7696 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7700 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7702 * lib/gnutls_record.c: allow empty fragments with padding.
7704 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7706 * tests/record-sizes-range.c: corrected test
7708 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7710 * tests/Makefile.am, tests/record-sizes-range.c: Added test for the
7711 range functionality.
7713 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7715 * lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
7716 calculation in AEAD ciphers.
7718 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7720 * configure.ac: Correctly report unicode status in win32 API
7722 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7724 * lib/Makefile.am: correctly link with librt when needed.
7726 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7728 * configure.ac, lib/Makefile.am, lib/system.c: link with libiconv
7731 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7735 2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7737 * build-aux/snippet/unused-parameter.h, configure.ac,
7738 gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
7739 gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
7740 gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
7741 gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
7742 gl/iconv_open-solaris.gperf, gl/iconv_open.c,
7743 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
7744 gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
7745 gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
7746 gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
7747 gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
7748 gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
7749 gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
7750 gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
7751 gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
7752 gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
7753 gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
7754 gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
7755 gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
7756 gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
7757 gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
7758 gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
7759 components. This removes the gnulib iconv, and uses libc or libiconv if needed.
7761 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7763 * NEWS: released 3.2.3pre0
7765 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7767 * doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
7769 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7771 * NEWS, configure.ac, m4/hooks.m4: bumped version
7773 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7775 * lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
7776 calculate the overhead.
7778 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7780 * lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
7781 lib/gnutls_constate.c, lib/gnutls_constate.h,
7782 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
7783 lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
7784 function is now called before epoch change. This allows enabling certain features, such as the new record
7785 padding, prior to exchanging finished messages.
7787 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7789 * tests/record-sizes.c: test sending and receiving the maximum
7790 allowed TLS buffer size.
7792 2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7794 * configure.ac: corrected guile-site-dir option. Patch by Steve
7797 2013-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7799 * lib/gnutls_record.h: Do not count pad and MAC as received data.
7801 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7803 * lib/gnutls_record.c: simplified decrypted data allocation.
7805 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7809 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7811 * lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h:
7812 small optimizations.
7814 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7816 * lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
7817 mode allow for larger record sizes than the maximum.
7819 2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7821 * tests/Makefile.am, tests/mini.c, tests/record-sizes.c: Updated
7824 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7826 * src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
7829 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7831 * src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
7832 configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.
7834 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7836 * tests/priorities.c: test also the number of ciphers.
7838 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7840 * NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
7841 lib/libgnutls.map: Added helper functions to export the available
7842 ciphers in a priority structure
7844 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7848 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7850 * tests/Makefile.am, tests/priorities.c: Added a test that checks
7851 whether the priorities behave as expected (depends on the supported
7852 ciphersuite numbers)
7854 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7856 * lib/gnutls_priority.c: When adding a bulk of priorities make sure
7857 they don't replace the whole list. Reported by Stefan Buehler.
7859 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7861 * doc/cha-gtls-app.texi: doc update
7863 2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7865 * doc/cha-gtls-app.texi: updated doc
7867 2013-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7869 * src/libopts/ag-char-map.h: Ignore non-ascii characters in
7870 configuration file. This is a quick fix for
7872 http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html
7874 2013-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7876 * Makefile.am: make sure that the .info files are as new as the pdfs
7879 2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7881 * doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
7882 server example updated to include OCSP stapling
7884 2013-07-16 Matt Whitlock <matt@whitlock.name>
7886 * lib/gnutls_buffers.c: avoid leaking a buffer element when
7887 _gnutls_stream_read returns 0
7889 2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7891 * lib/gnutls_x509.c: doc update
7893 2013-07-17 Stefan Bühler <stbuehler@web.de>
7895 * lib/gnutls_priority.c: gnutls priority string parsing bug fix. Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
7896 misses SHA1 and has MD5 twice). prio_remove doesn't zero the removed element, prio_add (and perhaps
7897 other functions) assumes the list to be zero terminated. Make prio_remove zero the element at the end, and use the actual
7898 length of the list in prio_add. Relying on the trailing zero will fail if the list is full, and
7899 might lead to invalid memory accesses as the loop won't stop until
7900 it finds either the algorithm identifier or 0.
7902 2013-07-17 Adam Sampson <ats@offog.org>
7904 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
7905 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
7906 tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
7907 on _WIN32. socketpair isn't provided on Windows, so these tests should just
7908 exit 77. Note that resume-dtls.c already had a guard like this -- I've
7909 rewritten it to match the others, but socketpair (presumably!) isn't
7910 the only reason that test is disabled on Win32. Signed-off-by: Adam Sampson <ats@offog.org>
7912 2013-07-16 Adam Sampson <ats@offog.org>
7914 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
7915 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
7916 tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
7917 connections. Besides simplifying the code, this also makes it possible to run
7918 "make check" in parallel -- previously this didn't work because
7919 several tests were trying to bind the same port. Signed-off-by: Adam Sampson <ats@offog.org>
7921 2013-07-16 Adam Sampson <ats@offog.org>
7923 * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
7924 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
7925 tests/x509dn.c, tests/x509self.c: Detect socket() error responses
7926 correctly. The code was testing the wrong variable... Signed-off-by: Adam Sampson <ats@offog.org>
7928 2013-07-16 Adam Sampson <ats@offog.org>
7930 * doc/scripts/gdoc: Avoid depending on hash order in gdoc. Previously, gdoc had a hash of regexp replacements for each output
7931 format, and applied the replacements in the order that "keys"
7932 returned for the hash. However, not all orders are safe -- and now
7933 that Perl 5.18 randomises hash order per-process, it only worked
7934 sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
7935 #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
7936 #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
7937 @code{gnutls_session_t} structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
7938 @code{gnutls_session_t} structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
7939 #gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
7940 #gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
7941 @code{gnutls_session_t} structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
7942 @code{code} {gnutls_session_t} structure.' This patch turns the hash into a list, so the replacements will
7943 always be done in the intended order. Signed-off-by: Adam Sampson <ats@offog.org>
7945 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7947 * tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
7948 tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
7949 tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
7950 reliable transports to avoid unexpected packet loss.
7952 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7954 * lib/Makefile.am: Link with librt when needed. Reported by Joern
7957 2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7959 * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
7960 lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
7961 for the additional version variable.
7963 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7965 * cross.mk: updated w32 makefile
7967 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7969 * build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
7970 gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
7971 gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
7972 gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
7973 gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
7974 gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
7975 gl/tests/ignore-value.h, gl/tests/malloca.c,
7976 gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
7977 gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
7978 gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk:
7981 2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7983 * NEWS: released 3.2.2
7985 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7987 * lib/gnutls_global.c: doc update
7989 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7991 * lib/includes/gnutls/gnutls.h.in: typo fix
7993 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7995 * src/common.c: gnutls-cli -l prints the supported digest algorithms
7998 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8000 * lib/gnutls_handshake.c: corrected return value.
8002 2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8004 * configure.ac: Check for nanosleep in librt, when not in libc.
8005 Reported by Joern Clausen.
8007 2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8009 * lib/gnutls_int.h: corrected typo
8011 2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8013 * README-alpha: updated
8015 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8017 * lib/gnutls_int.h: try to reduce memory in internal structure
8019 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8021 * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
8022 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
8023 tests/mini-x509-callbacks.c: Allow hooks to be called before or
8024 after generation/receiving.
8026 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8028 * lib/gnutls_handshake.c, lib/gnutls_state.c,
8029 lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
8030 to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.
8032 2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8036 2013-07-10 Gustavo Zacarias <gustavo@zacarias.com.ar>
8038 * lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
8039 and mac. It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
8040 failures. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
8042 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8044 * lib/algorithms/mac.c: doc update
8046 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8050 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8054 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8056 * lib/gnutls_handshake.c: make sure that the hook function is always
8059 2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8061 * doc/Makefile.am, doc/manpages/Makefile.am: New functions added
8063 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8065 * configure.ac, m4/hooks.m4: bumped version
8067 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8069 * lib/gnutls_handshake.c: When resuming a session send only the
8070 mandatory extensions. That will make server behavior conform to TLS RFC. Reported by
8073 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8075 * lib/ext/srtp.c: corrected typo
8077 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8081 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8083 * lib/ext/srtp.c: Include MKI size in size calculations for the
8084 extension. This prevents a parsing error when MKI is being used. Reported by
8087 2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8089 * src/benchmark.h: Fix for NetBSD systems that do not have
8090 CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.
8092 2013-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8094 * src/certtool.c: make sure that a valid number of days is entered
8096 2013-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8098 * doc/DCO.txt: Added DCO
8100 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8102 * lib/libgnutls.map: added new functions
8104 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8106 * tests/mini-dtls-hello-verify.c: simplified structure
8108 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8110 * lib/gnutls_handshake.c: corrected issue in client hello verify.
8112 2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8114 * NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
8115 lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.
8117 2013-07-04 Stef Walter <stefw@redhat.com>
8119 * lib/pkcs11.c: pkcs11: Use the correct attribute length for
8120 CKA_TRUSTED. CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
8121 are done with the attribute byte values, we need to get the length
8122 exactly right. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8124 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8126 * tests/mini-x509-callbacks.c: updated for new callback format
8128 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8130 * lib/gnutls_priority.c: corrected typo
8132 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8134 * .gitignore: more files to ignore
8136 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8138 * lib/gnutls_dtls.c: doc update
8140 2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8142 * lib/gnutls_priority.c: when removing a cipher priority, make sure
8145 2013-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8147 * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in:
8148 gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size
8150 2013-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8152 * lib/crypto-api.c: doc update
8154 2013-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8156 * po/eo.po.in, po/fi.po.in: Sync with TP.
8158 2013-06-28 Ludovic Courtès <ludo@gnu.org>
8160 * guile/src/core.c: guile: Keep a weak reference on objects
8161 aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where
8162 the C object beneath CRED keeps a pointer to the C object beneath
8163 DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
8164 to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
8166 2013-06-28 Ludovic Courtès <ludo@gnu.org>
8168 * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
8169 guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
8170 than `fileno'. This has no practical impact, but it's a better way to express that
8171 we don't want the file descriptors closed behind our back.
8173 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8175 * doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT
8177 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8179 * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
8180 documented private extensions
8182 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8184 * lib/gnutls_handshake.c, lib/gnutls_state.c,
8185 lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
8186 only to post-processing or generation of messages.
8188 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8190 * lib/gnutls_record.c: documented dtls behavior.
8192 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8194 * lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU
8196 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8198 * tests/mini-dtls-large.c: make sure that no DTLS MTU size can
8201 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8203 * lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
8204 dependencies to libcrypto.la". This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.
8206 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8208 * tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
8209 whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets
8211 2013-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8213 * po/cs.po.in: Sync with TP.
8215 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8217 * lib/gnutls_dh_primes.c: check for zero values when importing DH
8220 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8222 * po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in:
8225 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8229 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8231 * NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
8232 lib/gnutls_int.h, lib/gnutls_state.c,
8233 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
8234 tests/mini-x509-callbacks.c: Added
8235 gnutls_handshake_set_hook_function() to allow hooks on arbitrary
8238 2013-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8240 * doc/announce.txt: added BCC to avoid forgetting it in the future
8242 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8244 * doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update
8246 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8248 * NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
8249 lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
8250 lib/libgnutls.map: avoid the introduction of a new function to
8251 disable replay protection.
8253 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8255 * tests/suite/testcompat-main: changed port to avoid conflicts
8257 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8259 * tests/mini-overhead.c: small update
8261 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8263 * src/cli.c: removed unused var
8265 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8267 * src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
8270 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8272 * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
8273 lib/libgnutls.map: Added gnutls_record_overhead_size() and
8274 gnutls_record_overhead_size2().
8276 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8278 * lib/gnutls_state.c: doc update
8280 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8282 * NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
8283 lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
8284 protection can now be disabled.
8286 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8288 * lib/gnutls_state.c: doc update
8290 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8292 * NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
8293 lib/libgnutls.map: Added gnutls_cipher_get_tag_size().
8295 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8297 * NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
8298 lib/libgnutls.map: Added gnutls_certificate_set_trust_list().
8300 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8302 * lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
8303 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
8304 lib/gnutls_sig.c: explicit tests for non-null version
8306 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8308 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo
8310 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8312 * .gitignore: more files to ignore
8314 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8316 * lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
8317 timeout documentation; reported by Sebastien Decugis.
8319 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8321 * build-aux/ar-lib: updated file
8323 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8325 * tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files
8327 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8329 * build-aux/test-driver, configure.ac: require automake 1.12.2 for
8332 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8334 * lib/gnutls_priority.c: SECURE -> SECURE128
8336 2013-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8338 * guile/tests/priorities.scm: corrected priority strings
8340 2013-06-06 Martin Storsjo <martin@martin.st>
8342 * extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
8343 lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
8344 lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
8345 lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
8346 lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles. This is required for using nettle/memxor.h, which now is included
8347 implicitly via gnutls_int.h, if the nettle include directories
8348 aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8350 2013-06-06 Martin Storsjo <martin@martin.st>
8352 * src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
8353 include and lib paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8355 2013-06-06 Ludovic Courtès <ludo@gnu.org>
8357 * guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
8360 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8362 * lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
8365 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8367 * lib/nettle/Makefile.am: correctly place cflags
8369 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8371 * doc/cha-shared-key.texi: discourage usage of anonymous
8374 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8376 * doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update
8378 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8380 * lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
8381 m4/hooks.m4: Directly link to gmp library. Based on original patch
8382 by Alon Bar-Lev <alon.barlev@gmail.com>.
8384 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8386 * cross.mk: updated cross.mk
8388 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8390 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
8391 tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
8392 updates for tests to run under win32
8394 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8396 * lib/system.c: null terminate strings in windows
8398 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8400 * cross.mk: updated makefile
8402 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8404 * tests/pkcs12-decode/pkcs12: fix windows extension
8406 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8408 * tests/pkcs1-padding/Makefile.am: avoid running tests which require
8409 datefudge in windows
8411 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8413 * src/cli.c: avoid struct sigaction in win32
8415 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8417 * tests/cert-tests/pem-decoding: Avoid comparing the expiration date
8418 to prevent false positive error in 32-bit systems.
8420 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8422 * tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
8423 date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.
8425 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8427 * tests/cert-tests/pathlen: Avoid comparing the expiration date to
8428 prevent false positive error in 32-bit systems.
8430 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8434 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8436 * doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates
8438 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8440 * NEWS: updated from 3.2.1
8442 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8444 * configure.ac: check for suse's CA bundle file
8446 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8448 * lib/openpgp/privkey.c: call cleanup and deinit on the correct
8449 number of parameters
8451 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8453 * lib/gnutls_pk.c: avoid calling clear on null values
8455 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8457 * configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
8458 pkg-config to detect nettle
8460 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8462 * tests/mini-xssl.c: ignore sigpipe
8464 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8466 * lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
8467 curves even when using SSL 3.0. This works around a bug on openssl
8468 in certain Debian systems.
8470 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8472 * po/LINGUAS, po/eo.po.in: Sync with TP.
8474 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8476 * .gitignore: more files to ignore
8478 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8480 * tests/mini-xssl.c: updated xssl.
8482 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8484 * lib/gnutls_dtls.c: doc update
8486 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8488 * tests/mini-overhead.c: document sizes
8490 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8492 * lib/gnutls_dtls.c: more precise calculation of overhead
8494 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8496 * tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.
8498 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8500 * lib/gnutls_dtls.c: doc update
8502 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8506 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8508 * configure.ac, m4/hooks.m4: bumped version
8510 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8512 * lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in:
8513 revert prototype move
8515 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8517 * doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am:
8520 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8522 * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
8525 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8527 * lib/gnutls_cipher_int.h: corrected likely()
8529 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8531 * tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
8532 various ciphers in tests.
8534 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8536 * lib/gnutls_privkey.c: doc update
8538 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8540 * tests/mini-dtls-record.c: avoid delays by using a reliable
8543 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8545 * .gitignore: removed test file from repository
8547 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8549 * tests/mini-record.c: avoid delays by using a reliable transport
8552 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8554 * lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
8555 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
8558 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8560 * lib/nettle/pk.c: eliminated unused variable
8562 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8564 * lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
8565 Report by Mann Ern Kang.
8567 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8569 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
8570 simplified code by passing an mbuffer.
8572 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8574 * lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name
8576 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8578 * lib/gnutls_pubkey.c: always set hash length
8580 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8582 * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c:
8583 corrected bug with _gnutls_dsa_q_to_hash() usage introduced
8586 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8588 * lib/abstract_int.h, lib/algorithms.h,
8589 lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
8590 lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
8591 lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
8592 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
8593 lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
8594 lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
8595 protocol version properties.
8597 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8599 * lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
8600 lib/algorithms.h, lib/algorithms/ciphers.c,
8601 lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
8602 lib/algorithms/protocols.c, lib/algorithms/sign.c,
8603 lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
8604 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
8605 lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
8606 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
8607 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
8608 lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
8609 lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
8610 lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
8611 lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
8612 lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
8613 lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
8614 lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
8615 lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
8616 lib/x509/x509_int.h: simplified access to cipher and mac properties
8617 to reduce wasted cycles.
8619 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8621 * extra/gnutls_openssl.c: modified openssl compat API to use the
8624 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8626 * lib/libgnutls.map: no longer export internal hash functions
8628 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8630 * tests/mini-dtls-hello-verify.c: removed memory leak
8632 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8634 * lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions
8636 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8638 * lib/gnutls_mbuffers.c: avoid calloc
8640 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8642 * lib/gnutls_record.c: fixes in record version checking
8644 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8646 * src/cli.c: use sigaction instead of signal in gnutls-cli
8648 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8650 * src/cli.c: Revert "break the loop when a SIGALRM has been
8651 received". This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.
8653 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8655 * src/libopts/m4/libopts.m4: relax check on requirement on headers
8656 for libopts. Reported by Mark Brand.
8658 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8660 * .gitignore: more files to ignore
8662 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8664 * lib/gnutls_record.c: Improved record version checks
8666 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8668 * tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
8669 hello verify message
8671 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8673 * lib/nettle/mac.c: fail on wrong key sizes
8675 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8677 * NEWS, lib/gnutls_dtls.c: corrected record overhead calculations
8679 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8681 * lib/gnutls_record.c: more detailed error
8683 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8685 * lib/gnutls_handshake.c: corrected resumption check
8687 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8691 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8693 * lib/gnutls_record.c: Allow record layer packets with version less
8694 than the negotiated. Allowing such records avoids issue in DTLS client hello request
8697 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8699 * lib/gnutls.pc.in: removed undefined variable
8701 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8703 * NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
8704 lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
8705 gnutls_session_set_id() was added
8707 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8709 * src/cli.c: break the loop when a SIGALRM has been received
8711 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8713 * src/libopts/m4/libopts.m4: configure proceeds if regex library
8716 2013-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8718 * lib/gnutls_str.c: documented function behavior
8720 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8722 * lib/gnutls_str.c: corrected typo
8724 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8726 * lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
8727 lib/opencdk/sig-check.c, lib/x509/common.c,
8728 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
8729 lib/xssl.c, libdane/dane.c: several updates
8731 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8733 * src/danetool.c: print message on certificate verification
8735 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8739 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8741 * tests/cert-tests/pem-decoding: more verbose messages
8743 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
8745 * tests/eagain-common.h: When retrying gnutls_record_send due to
8746 GNUTLS_E_AGAIN, also try passing null data and length. Tests will
8747 fail after this patch until next patch is applied that fixes a bug
8748 in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8750 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
8752 * lib/gnutls_record.c: If gnutls_record_send fails with
8753 GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
8754 passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
8755 fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8757 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8759 * doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
8762 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8764 * NEWS: released 3.2.0
8766 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8768 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
8769 doc/cha-gtls-examples.texi: simplified node referencing and add
8772 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8774 * m4/hooks.m4: increased revision
8776 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8778 * doc/Makefile.am, doc/manpages/Makefile.am: doc update
8780 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8782 * NEWS, lib/algorithms/ciphersuites.c: Added more options for
8785 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8787 * src/libopts/m4/libopts.m4: applied libregex patch
8789 2013-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8791 * cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
8792 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
8793 lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
8794 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
8795 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
8796 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
8797 lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style
8798 comments to compile in old MacOSX systems. Reported by Ryan Schmidt.
8800 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8802 * doc/cha-auth.texi: doc update
8804 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8806 * lib/ext/alpn.c: clarified doc
8808 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8810 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
8811 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
8812 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
8813 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
8814 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
8815 doc/manpages/tpmtool.1: updated for new autogen
8817 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8819 * tests/mini-alpn.c: updated for new api
8821 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8823 * tests/dtls/dtls-stress.c: updated path
8825 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8827 * src/cli.c: corrected API usage.
8829 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8831 * lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
8832 lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
8833 for the NO_APPLICATION_PROTOCOL alert for ALPN.
8835 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8837 * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
8838 src/common.c: Improved ALPN support in gnutls-cli
8840 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8842 * src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
8843 src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
8844 src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
8845 src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
8846 src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
8847 src/srptool-args.c, src/srptool-args.h: updated libopts generated
8850 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8852 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
8853 src/libopts/Makefile.am, src/libopts/README,
8854 src/libopts/ag-char-map.h, src/libopts/alias.c,
8855 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
8856 src/libopts/autoopts.c, src/libopts/autoopts.h,
8857 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
8858 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
8859 src/libopts/check.c, src/libopts/compat/compat.h,
8860 src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
8861 src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
8862 src/libopts/compat/windows-config.h, src/libopts/configfile.c,
8863 src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
8864 src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
8865 src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
8866 src/libopts/libopts.c, src/libopts/load.c,
8867 src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
8868 src/libopts/makeshell.c, src/libopts/nested.c,
8869 src/libopts/numeric.c, src/libopts/option-value-type.c,
8870 src/libopts/option-value-type.h,
8871 src/libopts/option-xat-attribute.c,
8872 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
8873 src/libopts/parse-duration.h, src/libopts/pgusage.c,
8874 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
8875 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
8876 src/libopts/stack.c, src/libopts/streqvcmp.c,
8877 src/libopts/text_mmap.c, src/libopts/time.c,
8878 src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
8879 updated libopts to autogen 5.17.3
8881 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8883 * src/cli-args.def, src/cli.c: Added --alpn option to cli
8885 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8887 * configure.ac, m4/hooks.m4: bumped version
8889 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8891 * NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
8892 lib/nettle/mac.c: Added umac-128
8894 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8896 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
8897 key purpose in certificate requests
8899 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8901 * tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
8902 disabled. Reported by Linus Nordberg.
8904 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8906 * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
8907 reported by Etan Reisner.
8909 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8911 * tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c:
8912 updated include files
8914 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8916 * lib/gnutls_handshake.c: simplified code
8918 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8920 * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
8921 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
8922 gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
8923 gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib
8925 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8927 * tests/anonself.c, tests/certder.c,
8928 tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
8929 tests/chainverify-unsorted.c, tests/chainverify.c,
8930 tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
8931 tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
8932 tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
8933 tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
8934 tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
8935 tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
8936 tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
8937 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
8938 tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
8939 tests/mini-loss-time.c, tests/mini-record-range.c,
8940 tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
8941 tests/mini-termination.c, tests/mini-x509-2.c,
8942 tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
8943 tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
8944 tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
8945 tests/openpgp-auth.c, tests/openpgp-auth2.c,
8946 tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
8947 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
8948 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
8949 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
8950 tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
8951 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
8952 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
8953 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
8954 tests/set_pkcs12_cred.c, tests/setcredcrash.c,
8955 tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
8956 tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
8957 tests/suite/mini-record-timing.c, tests/utils.h,
8958 tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
8959 tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
8960 running tests disable PKCS #11 support to avoid detecting memory
8961 leaks from PKCS #11 libraries.
8963 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8965 * lib/gnutls_dtls.c: doc update
8967 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8969 * tests/dtls/Makefile.am: link explicitly to librt
8971 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8975 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8979 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8981 * .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
8982 configure.ac, gl/Makefile.am, gl/gettime.c,
8983 gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
8984 gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
8985 gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
8986 gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
8987 gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
8988 gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
8989 gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
8990 lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
8991 lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
8992 src/benchmark.h, tests/suite/Makefile.am,
8993 tests/suite/mini-record-timing.c: Avoid linking the library on
8996 2013-04-27 Stef Walter <stefw@redhat.com>
8998 * tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9000 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9002 * tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
9003 tests/cert-tests/pem-decoding: Added test for escaping rules.
9005 2013-04-27 Stef Walter <stefw@redhat.com>
9007 * lib/x509/common.c: Add the standard description OID to those
9008 recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
9010 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9012 * lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
9013 the LDAP way, and avoid escaping hex encoded values. Report and
9014 initial patch from Stef Walter.
9016 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9018 * lib/x509/common.c, lib/x509/common.h: Do not include null
9019 terminator in DN string. When printing an unknown DN string as hex do not include the null
9020 terminator. Reported by Stef Walter.
9022 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9024 * configure.ac: Link against pthread only when pthread_mutex_lock
9027 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9029 * lib/accelerated/x86/sha-padlock.c: initialize the digest after
9032 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9034 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
9035 src/pkcs11.c: read_yesno() accepts a default value. By default
9036 certificates are marked as ok for signing and encryption.
9038 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9040 * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license
9042 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9044 * lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
9045 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
9046 lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
9049 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9051 * lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
9052 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
9053 lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
9054 separately. It is implied by nettle's output function.
9056 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9058 * lib/crypto-api.c: updated documentation
9060 2013-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9062 * src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
9063 src/benchmark.h: updated benchmark output
9065 2013-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9067 * doc/TODO: updated TODO list
9069 2013-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9071 * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
9072 pass argument on PKCS #11 keys.
9074 2013-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9076 * lib/accelerated/x86/hmac-padlock.c,
9077 lib/accelerated/x86/sha-padlock.c: corrected memory leak in
9080 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9082 * doc/cha-intro-tls.texi: mention about experimental protocols
9084 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9086 * src/benchmark-tls.c: nettle 2.7 is required
9088 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9090 * doc/cha-crypto.texi: doc update
9092 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9094 * doc/cha-crypto.texi: Added documentation on public key API.
9096 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9098 * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
9099 string VERS-DTLS-ALL
9101 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9103 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
9104 m4/hooks.m4: nettle 2.7 is required
9106 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9108 * NEWS: corrected doc
9110 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9112 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
9113 m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27
9115 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9117 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
9118 lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
9119 src/benchmark-tls.c: Added ESTREAM salsa20 cipher.
9121 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9123 * lib/nettle/mac.c: better naming of functions
9125 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9127 * lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
9128 lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
9131 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9133 * README: added note about LGPLv3
9135 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9137 * lib/system_override.c: doc update
9139 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9141 * lib/gnutls_buffers.c: use unlikely
9143 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9145 * NEWS: documented update
9147 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9149 * configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
9150 lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
9151 lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
9152 lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
9153 tests/mini-alpn.c: Added support for the ALPN extension.
9155 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9157 * lib/gnutls_constate.c: removed unused variables
9159 2013-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9161 * src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
9164 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9168 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9170 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
9171 doc/cha-tokens.texi, lib/gnutls_x509.c,
9172 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
9173 gnutls_certificate_set_x509_key_mem2() and
9174 gnutls_certificate_set_x509_key_file2()
9176 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9178 * doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
9179 lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
9182 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9184 * lib/algorithms.h, lib/algorithms/ciphers.c,
9185 lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h:
9186 removed TLS export key generation
9188 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9190 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
9191 lib/algorithms.h, lib/algorithms/ciphersuites.c,
9192 lib/algorithms/kx.c, lib/algorithms/publickey.c,
9193 lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
9194 lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
9195 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
9196 lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
9197 lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
9198 lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
9199 lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
9200 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
9201 RSA-EXPORT ciphersuites.
9203 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9205 * NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
9206 lib/algorithms/protocols.c, lib/gnutls_priority.c,
9207 lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
9208 support for DTLS 1.2
9210 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9212 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
9213 lib/includes/gnutls/gnutls.h.in: deprecated
9214 gnutls_privkey_sign_raw_data()
9216 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9220 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9222 * lib/gnutls_range.c: updates in range handling code.
9224 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9226 * tests/Makefile.am, tests/mini-record-range.c: Added test for
9229 2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9231 * lib/auth/ecdhe.c: Set the curve priority to calling derive.
9233 2013-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9235 * lib/nettle/pk.c: reduce the number of temp variables in ECDH
9237 2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9239 * src/common.c: print the signatures used.
9241 2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9243 * lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
9244 lib/gnutls_session_pack.c, lib/gnutls_sig.c,
9245 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
9246 gnutls_sign_algorithm_get_client()
9248 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9250 * lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
9251 implementation to match the rest of the library
9253 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9255 * doc/cha-internals.texi: updated text
9257 2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9259 * lib/ext/heartbeat.c: gnutls_pong() returns zero on success.
9261 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9263 * lib/ext/heartbeat.h: removed function that didn't exist
9265 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9267 * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat
9269 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9271 * tests/mini-dtls-heartbeat.c: Check all error conditions.
9273 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9275 * lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
9278 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9280 * NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
9281 lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
9282 lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
9283 lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
9284 lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
9285 lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
9286 lib/nettle/ecc_projective_add_point_ng.c,
9287 lib/nettle/ecc_projective_check_point.c,
9288 lib/nettle/ecc_projective_dbl_point_3.c,
9289 lib/nettle/ecc_projective_isneutral.c,
9290 lib/nettle/ecc_projective_negate_point.c,
9291 lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
9292 lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
9293 lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
9294 lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
9295 code from gnutls. Use nettle's implementation.
9297 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9299 * src/serv.c: corrected issue in ecccertfile option
9301 2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9303 * lib/gnutls_handshake.c: make a short list of the available PK
9306 2013-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9308 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
9309 lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
9310 and verification flags to operate in RSA raw mode (as used in TLS).
9312 2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9314 * lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
9315 for a wrong version in the RSA PMS.
9317 2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9319 * lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
9320 lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c:
9321 convert gnutls versions to TLS major-minor in a single function.
9323 2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9325 * devel/perlasm/license-gnutls.txt,
9326 lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
9327 lib/accelerated/x86/coff/cpuid-x86-coff.s,
9328 lib/accelerated/x86/elf/cpuid-x86-64.s,
9329 lib/accelerated/x86/elf/cpuid-x86.s,
9330 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
9331 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
9332 lib/ext/status_request.h, lib/gnutlsxx.cpp,
9333 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
9334 lib/includes/gnutls/x509.h, lib/libgnutls.map,
9335 lib/x509/verify-high.h: changed license headers to 2.1. Reported by
9338 2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9342 2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9344 * doc/manpages/Makefile.am: updated copyright
9346 2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9348 * NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
9349 lib/crypto-api.c, lib/includes/gnutls/crypto.h,
9350 lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()
9352 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9356 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9358 * lib/gnutls_privkey.c: doc update
9360 2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9362 * doc/cha-internals.texi: corrected file location
9364 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9366 * tests/openpgp-auth.c: use return instead of exit
9368 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9370 * lib/auth/cert.c: use the proper defines
9372 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9374 * NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
9375 lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
9376 lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
9377 fingerprints. Reported by Joke de Buhr.
9379 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9381 * tests/openpgp-auth.c: openpgp-auth tests
9382 gnutls_openpgp_set_recv_key_function() as well.
9384 2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9386 * NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
9387 external key signing and TLS 1.2
9389 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9391 * src/benchmark.c: use clock_gettime when we can
9393 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9395 * src/benchmark-cipher.c: removed R20
9397 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9399 * NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
9400 lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
9401 src/benchmark-tls.c: Salsa20R20 -> Salsa20
9403 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9405 * lib/libgnutls.map, tests/gc.c: use the exported variant of
9406 _gnutls_hmac_fast().
9408 2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9410 * NEWS, lib/accelerated/cryptodev.c,
9411 lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
9412 lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
9413 lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
9414 lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
9415 lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
9416 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
9417 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
9418 lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
9419 lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
9420 src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
9421 now be used for other MAC algorithms, like UMAC. UMAC-96 and
9422 UMAC-128 were conditionally added.
9424 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9426 * src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.
9428 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9430 * lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
9431 cipher to the new padding format.
9433 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9435 * NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
9436 lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
9437 lib/gnutls_constate.c, lib/gnutls_dtls.c,
9438 lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
9439 lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
9440 lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
9441 src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.
9443 2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9445 * lib/pkcs11.c: search only for slots with tokens and avoid caching
9446 to prevent issues with multiple threads.
9448 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9452 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9454 * doc/cha-tokens.texi, lib/gnutls_privkey.c,
9455 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
9456 gnutls_privkey_status()
9458 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9460 * lib/pkcs11.c: avoid internal error
9462 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9464 * lib/pkcs11.c: use correct type for rv
9466 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9470 2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9472 * lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
9473 not on initialization.
9475 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9477 * lib/gnutls_privkey.c: doc update
9479 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9481 * doc/cha-library.texi: documented the new configure options
9483 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9485 * NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
9486 lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
9487 key parameters are overwritten with zeros on deinitialization.
9489 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9491 * doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib:
9494 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9496 * doc/cha-tokens.texi: simplified text
9498 2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9500 * configure.ac, m4/hooks.m4: bumped version
9502 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9504 * NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
9505 lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
9506 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
9507 gnutls_privkey_sign_raw_data()
9509 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9511 * lib/gnutls_pcert.c: simplified code
9513 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9515 * src/serv.c: gnutls-serv may run without certificate, but will
9518 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9520 * src/serv.c: gnutls-serv issues an error if no certificate and key
9523 2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9525 * COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
9527 2013-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9529 * lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
9530 lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
9531 several ifdefs to avoid using disabled code.
9533 2013-03-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
9535 * doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
9536 *_key_id() creation. For the rationale behind this, see the gnutls-devel thread 'X.509
9537 "Key Identifiers" in GnuTLS' found either at
9539 http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.html and
9540 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
9542 2013-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9544 * NEWS, doc/examples/ex-cert-select-pkcs11.c,
9545 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
9546 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
9547 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
9548 lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
9549 lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()
9551 2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9553 * configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
9554 lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
9555 lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
9556 lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
9557 lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/rsa_export.c,
9558 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
9559 lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
9560 m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE.
9562 2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9564 * src/serv.c: removed unneeded code
9566 2013-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9568 * src/cli.c: When requesting DANE data resolve a service name into a
9569 port number. Reported by James Cloos.
9571 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9575 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9577 * doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update
9579 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9581 * lib/x509/dn.c: avoid duplicate memory allocation in
9582 _gnutls_x509_get_dn()
9584 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9586 * tests/cert-tests/dane-test.rr: The default dane output is type 03
9589 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9591 * lib/gnutls_x509.c: simplified
9593 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9595 * lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
9596 proper also when loading a private key.
9598 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9600 * lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
9601 GNUTLS_TPMKEY_FMT_RAW
9603 2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9605 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c:
9606 return unimplemented feature on encounter of a known but unsupported
9609 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9611 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
9612 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
9613 src/danetool.c: updates in danetool
9615 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9617 * Makefile.am, configure.ac: Added configure option to disable the
9620 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9622 * doc/invoke-certtool.texi, src/certtool-args.c,
9623 src/certtool-args.def, src/certtool-args.h: updated example
9626 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9628 * tests/suite/ecore/src/lib/Ecore.h: updated
9630 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9632 * lib/x509_b64.c: corrected allocation size
9634 2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9636 * lib/gnutls_ui.c: simplified text
9638 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9640 * configure.ac: Fixes in cpu and cross-compilation detection
9642 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9644 * lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
9645 lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().
9647 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9649 * lib/system.c: check revocation prior to reading local certs.
9651 2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9653 * lib/x509/verify-high.c: deinitialize the certificate
9655 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9659 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9661 * configure.ac: When cross compiling do not check for ca
9664 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9666 * configure.ac: auto-detect CA certificates only if
9667 with-default-trust-store-file is not provided.
9669 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9671 * lib/system.c: corrected parameters.
9673 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9675 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
9676 lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
9677 tests/x509cert-tl.c: Added functions that remove certificates from a
9680 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9682 * libdane/includes/gnutls/dane.h: updated doc
9684 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9686 * lib/system.c: Check for revoked certs in android and do not add.
9687 Suggested by David Woodhouse.
9689 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9691 * lib/system.c: corrected add_system_trust() in the unsupported
9694 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9696 * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
9697 lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
9698 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
9699 optimizations on certificate comparisons including DN. This speeds
9700 up CA certificate loading, and certificate verification.
9702 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9704 * lib/x509/verify-high.c: Revert "When making the hash list of the
9705 CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.
9707 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9711 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9713 * lib/x509/verify-high.c: When making the hash list of the CAs avoid
9714 calling get_raw_*_dn() which is very costly.
9716 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9718 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
9719 lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
9720 lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
9723 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9725 * src/cli.c: Removed unused code.
9727 2013-03-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
9729 * lib/x509/x509_write.c: fix description of id_size parameter
9731 2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9733 * lib/system.c: handle the interesting variance between directories
9735 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9737 * lib/system.c: test for ANDROID or __ANDROID__
9739 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9741 * build-aux/ar-lib: updated
9743 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9745 * configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.
9747 2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9749 * lib/gnutls.pc.in: corrected link
9751 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9753 * configure.ac: removed Werror from automake rules
9755 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9757 * doc/Makefile.am: Added flag
9759 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9761 * .gitignore, ChangeLog: removed
9763 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9765 * lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
9766 of programs that cannot be.
9768 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9770 * lib/system.c: more simplifications to
9771 gnutls_x509_trust_list_add_system_trust()
9773 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9777 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9779 * lib/system.c: corrected reading from directory.
9781 2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9783 * lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
9784 to work in android 4.x.
9786 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9790 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9792 * lib/system.c: More cleanups in
9793 gnutls_x509_trust_list_add_system_trust()
9795 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9797 * configure.ac: Select CPU optimizations based on target cpu rather
9800 2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9802 * lib/Makefile.am, lib/system.c: some simplifications in
9803 gnutls_x509_trust_list_add_system_trust()
9805 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9807 * NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
9808 compatible with devices like android that don't support AES
9810 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9812 * NEWS, doc/invoke-danetool.texi, libdane/dane.c,
9813 libdane/includes/gnutls/dane.h, src/danetool-args.c,
9814 src/danetool-args.def, src/danetool-args.h, src/danetool.c,
9815 tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
9816 for DANE to enforce verification and restrict it to a field.
9818 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9820 * .gitignore, ChangeLog: added empty ChangeLog
9822 2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9824 * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
9825 build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
9826 build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
9827 build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
9828 build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
9829 gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
9830 gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
9831 gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
9832 gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
9833 gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
9834 gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
9835 gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
9836 gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
9837 gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
9838 gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
9839 gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
9840 gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
9841 gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
9842 gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
9843 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
9844 gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
9845 gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
9846 gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
9847 gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
9848 gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
9849 gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
9850 gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
9851 gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
9852 gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
9853 gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
9854 gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
9855 gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
9856 gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
9857 gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
9858 gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
9859 gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
9860 gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
9861 gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
9862 gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
9863 gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
9864 gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
9865 gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
9866 gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
9867 gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
9868 gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
9869 gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
9870 gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
9871 gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
9872 gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
9873 gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
9874 gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
9875 gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
9876 gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
9877 gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
9878 gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
9879 gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
9880 gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
9881 gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
9882 gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
9883 gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
9884 gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
9885 gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
9886 gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
9887 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
9888 gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
9889 gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
9890 gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
9891 gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
9892 gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
9893 gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
9894 gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
9895 gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
9896 gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
9897 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
9898 gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
9899 gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
9900 gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
9901 gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
9902 gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
9903 gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
9904 gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
9905 gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
9906 gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
9907 gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
9908 gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
9909 gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
9910 gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
9911 gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
9912 gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
9913 gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
9914 gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
9915 gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
9916 gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
9917 gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
9918 gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
9919 gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
9920 gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
9921 gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
9922 gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
9923 gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
9924 gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
9925 gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
9926 gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
9927 gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
9928 gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
9929 gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
9930 gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
9931 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
9932 gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
9933 gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
9934 gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
9935 gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
9936 gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
9937 gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
9938 gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
9939 gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
9940 gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
9941 gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
9942 gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
9943 gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
9944 gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
9945 gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
9946 gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
9947 gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
9948 gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
9949 gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
9950 gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
9951 gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
9952 gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
9953 gl/tests/test-binary-io.c, gl/tests/test-bind.c,
9954 gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
9955 gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
9956 gl/tests/test-close.c, gl/tests/test-connect.c,
9957 gl/tests/test-dirent.c, gl/tests/test-dup2.c,
9958 gl/tests/test-environ.c, gl/tests/test-errno.c,
9959 gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
9960 gl/tests/test-fgetc.c, gl/tests/test-float.c,
9961 gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
9962 gl/tests/test-fread.c, gl/tests/test-frexp.c,
9963 gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
9964 gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
9965 gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
9966 gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
9967 gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
9968 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
9969 gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
9970 gl/tests/test-func.c, gl/tests/test-fwrite.c,
9971 gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
9972 gl/tests/test-getdelim.c, gl/tests/test-getline.c,
9973 gl/tests/test-getopt.c, gl/tests/test-getopt.h,
9974 gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
9975 gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
9976 gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
9977 gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
9978 gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
9979 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
9980 gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
9981 gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
9982 gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
9983 gl/tests/test-isnanl.h, gl/tests/test-listen.c,
9984 gl/tests/test-locale.c, gl/tests/test-localename.c,
9985 gl/tests/test-lstat.c, gl/tests/test-lstat.h,
9986 gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
9987 gl/tests/test-math.c, gl/tests/test-memchr.c,
9988 gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
9989 gl/tests/test-open.c, gl/tests/test-open.h,
9990 gl/tests/test-pathmax.c, gl/tests/test-perror.c,
9991 gl/tests/test-perror2.c, gl/tests/test-pipe.c,
9992 gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
9993 gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
9994 gl/tests/test-read-file.c, gl/tests/test-recv.c,
9995 gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
9996 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
9997 gl/tests/test-select.h, gl/tests/test-send.c,
9998 gl/tests/test-sendto.c, gl/tests/test-setenv.c,
9999 gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
10000 gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
10001 gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
10002 gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
10003 gl/tests/test-sockets.c, gl/tests/test-stat.c,
10004 gl/tests/test-stat.h, gl/tests/test-stdalign.c,
10005 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
10006 gl/tests/test-stdint.c, gl/tests/test-stdio.c,
10007 gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
10008 gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
10009 gl/tests/test-string.c, gl/tests/test-strings.c,
10010 gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
10011 gl/tests/test-symlink.c, gl/tests/test-symlink.h,
10012 gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
10013 gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
10014 gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
10015 gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
10016 gl/tests/test-sysexits.c, gl/tests/test-time.c,
10017 gl/tests/test-u64.c, gl/tests/test-unistd.c,
10018 gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
10019 gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
10020 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
10021 gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
10022 gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
10023 gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
10024 gl/tests/unistr/test-u8-mbtoucr.c,
10025 gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
10026 gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
10027 gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
10028 gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
10029 gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
10030 gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
10031 gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
10032 gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk:
10035 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10037 * lib/libgnutls.map: Added gnutls_pkcs11_privkey_status
10039 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10041 * doc/Makefile.am, doc/invoke-certtool.texi,
10042 doc/manpages/Makefile.am: updated
10044 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10046 * NEWS, configure.ac, m4/hooks.m4: bumped version
10048 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10050 * lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
10051 lib/gnutls_session_pack.c: small optimizations in session storage
10053 2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10055 * lib/gnutls_state.c: no need to memset during session deinit.
10057 2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10059 * NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
10062 2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10064 * lib/gnutls_db.c, lib/gnutls_handshake.c,
10065 lib/gnutls_session_pack.c: Small fixes.
10067 2013-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10069 * NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
10070 gnutls_pkcs11_privkey_status().
10072 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10074 * lib/x509/verify.c: doc update
10076 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10078 * libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h:
10079 when verifying a DANE CA constraint make sure that the provided
10080 chain is actually a chain.
10082 2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10084 * libdane/dane.c: doc update
10086 2013-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10088 * doc/cha-tokens.texi: mention enable-in in p11-kit config.
10090 2013-02-20 Jaak Ristioja <jaak.ristioja@cyber.ee>
10092 * lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
10093 functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
10094 compilation of certtool when PSK is disabled. These are rather generic functions by nature, so it would be
10095 reasonable to include them in GnuTLS even if PSK support is
10096 disabled. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10098 2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10100 * lib/pkcs11.c: print info on reinitializor error.
10102 2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10104 * doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
10105 Suggested by Gabor Toth.
10107 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10109 * NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
10112 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10114 * lib/pkcs11.c: return proper error
10116 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10120 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10122 * src/serv.c: use set_int when needed
10124 2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10126 * lib/ext/session_ticket.c, lib/gnutls_datum.c,
10127 lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
10128 lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
10129 gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
10131 2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10133 * lib/auth/rsa.c: better cleanup on error on export case
10135 2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10137 * lib/x509/x509.c: corrected parsing issue in XMPP data when in a
10138 subject alternative name
10140 2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10142 * doc/cha-tokens.texi, lib/gnutls_record.c,
10143 lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
10144 the PIN calling in TPM
10146 2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10148 * NEWS, doc/cha-gtls-app.texi,
10149 doc/examples/ex-cert-select-pkcs11.c,
10150 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
10151 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
10152 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
10153 doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
10154 doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
10155 doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
10156 lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
10157 lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
10158 functions to avoid ugly casting in simple programs.
10160 2013-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10162 * doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
10163 more explicit in DTLS examples to account for LARGE_PACKET error
10165 2013-02-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
10167 * lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use
10169 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10171 * NEWS: documented fix
10173 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10175 * lib/libgnutls.map: corrected export of functions
10177 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10179 * NEWS: documented fix
10181 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10183 * lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()
10185 2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10187 * lib/x509/verify-high.c: reduced hash table size
10189 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10191 * lib/gnutls_pubkey.c: doc update
10193 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10195 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const
10197 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10199 * NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
10200 lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
10201 lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
10202 -> gnutls_handshake_set_random
10204 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10206 * lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms
10208 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10210 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
10211 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
10212 gnutls_handshake_set_server_random
10214 2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10216 * lib/nettle/rnd.c: properly set close-on-exec.
10218 2013-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10220 * doc/examples/ex-serv-anon.c: avoid ptrdiff_t
10222 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10224 * NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
10225 a password to generate PKCS #12 files. That is when provided an encrypted key file. Reported by Yan Fiz.
10227 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10229 * lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS
10231 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10233 * tests/Makefile.am: removed duplicate
10235 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10237 * doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates
10239 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10241 * tests/Makefile.am: slow tests moved at the end of the suite
10243 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10245 * lib/gnutls_buffers.c: simplified cleaning-up in
10246 _gnutls_stream_read and _gnutls_dgram_read
10248 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10250 * lib/nettle/pk.c: corrected extract_digest_info
10252 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10254 * lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
10255 side the verify callback is always being called.
10257 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10259 * lib/gnutls_priority.c: further relaxed security levels
10261 2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
10263 * Makefile.am, configure.ac: Add option to disable generation of any
10264 documentation for GnuTLS.
10266 2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
10268 * Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am:
10269 Prevent libdane pkgconfig stuff from being installed if libdane
10270 support is disabled.
10272 2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10274 * NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8
10276 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10278 * NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
10281 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10283 * lib/algorithms/secparams.c: reduced the very weak DH level to 768
10284 bits to not reject popular sites that operate on that level.
10286 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10288 * lib/auth/dh_common.c: added debugging message to indicate the
10291 2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10293 * lib/gnutls_handshake.c: Do not call the certificate verification
10294 callback if certificates are ignored.
10296 2013-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10298 * lib/gnutls_record.c: avoid memset on the whole record header
10301 2013-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10303 * NEWS, lib/x509/privkey.c: fixed issue in
10304 gnutls_x509_privkey_import2()
10306 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10308 * doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
10309 lib/tpm.c: reference TPMURI
10311 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10313 * lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc
10315 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10317 * lib/nettle/pk.c: corrected typo
10319 2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10321 * lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
10322 with arbitrary key sizes.
10324 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10326 * lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
10327 a magic number in front of session DB data.
10329 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10331 * lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.
10333 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10335 * NEWS, lib/gnutls_cipher.c: update
10337 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10339 * tests/cert-tests/ca-no-pathlen.pem: test update
10341 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10343 * doc/cha-functions.texi, doc/manpages/Makefile.am: update
10345 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10347 * doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c:
10350 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10354 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10356 * doc/invoke-gnutls-cli.texi: doc update
10358 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10360 * lib/gnutls_range.c: document limitation
10362 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
10364 * lib/gnutls_range.c: Make sure we don't fail if writing gets
10367 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10369 * tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
10372 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10374 * NEWS: documented fix
10376 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10378 * NEWS: postpone the change
10380 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10382 * COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.
10384 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10386 * tests/suite/mini-record-timing.c: updated test
10388 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10390 * lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
10391 timing attack in TLS CBC record parsing.
10393 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10397 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10399 * lib/gnutls_extensions.c, lib/gnutls_record.c: only register
10400 heartbeat if it is enabled.
10402 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10404 * COPYING.LESSER: license is again LGPLv2.1
10406 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10408 * configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
10409 m4/hooks.m4: updated heartbeat code, and made it optional.
10411 2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10413 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
LGPLv2.1 in the files their authors agreed to.

2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
to specify trusted CA certificates.

2013-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: added new func

2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_session_pack.c: corrected session resumption

2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_db.c: simplified DB storing

2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c:
Applied disable SNI patch from Daniel.

2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_db.c: remove function is not required to add or

2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/abstract_int.h, lib/accelerated/accelerated.c,
lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h,
lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
lib/ext/server_name.c, lib/ext/server_name.h,
lib/ext/session_ticket.c, lib/ext/session_ticket.h,
lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
lib/gnutls_compress.h, lib/gnutls_constate.c,
lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c,
lib/gnutls_errors.h, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
lib/gnutls_session.c, lib/gnutls_session_pack.c,
lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h,
lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c,
lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h,
lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h,
lib/opencdk/misc.c, lib/opencdk/new-packet.c,
lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h,
lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h,
lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1
in the files their authors agreed to.

2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_db.c, lib/gnutls_session_pack.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_db_check_entry_time().

2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_db.c: deprecated problematic function

2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9.

2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/xssl.h: corrected typo

2013-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_record.c: uncork doesn't do anything when the session
is already in flush mode

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore, doc/.gitignore: more files to ignore

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/latex/cover.tex: Added Alfredo

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex:
updated doc for XSSL

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c: Added XSSL client examples.

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed
compilation of mini-xssl.

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: updated text

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi: Comment out new padding until it is
standardized or at least approved by the WG.

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/Makefile.am, doc/doc.mk: fix xssl

2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried
connections to multiple hosts.
gnutls-cli-debug was trying to connect to all possible IP addresses
of the host and failed if any was unavailable. Now it tries
sequentially and accepts the first that is working. Reported by
Daniel Kahn Gillmor.

2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore, NEWS: updated NEWS

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/crypto-api.c: Fix AEAD out-of-place decryption

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/suite/mini-record-timing.c: updated test

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/sbuf.h, lib/includes/gnutls/xssl.h,
lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
lib/xssl.c, lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
tests/mini-sbuf.c, tests/mini-xssl.c: Added new interface.

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_handshake.c: propagate the error of the verify

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/crypto-backend.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c,
lib/random.h: Added gnutls_rnd_refresh().

2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h,
lib/gnutls_ui.c: Keep the legacy dh_prime_bits.

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c,
lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface.

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: updated news

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/nettle/rnd.c: No need to cache events with the current

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/ext/heartbeat.c: use nonces instead of random data

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/mini-sbuf.c: free all resources

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd.c: nonces update the internal rng state much

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in: Instead of setting directly the
number of DH bits, set a security parameter per session.

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/auth/dh_common.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_ui.c: The minimum DH prime bits are now set by the
priority strings (that means they are increased for the SECURE

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: warnings doesn't imply Werror

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/TODO: updated

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id()

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd.c: optimized random generator.

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: check for getpid().

2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c:
_dtls_timespec_sub_ms -> timespec_sub_ms

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls.

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd.c: reduced calls to getpid

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/rnd.c: use the more precise gettime() instead of

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in:
gnutls_range_split accepts pointers as arguments.

2013-01-24 Alfredo Pironti <alfredo@pironti.eu>

* NEWS, doc/Makefile.am, lib/gnutls_range.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make
gnutls_range_split available from the GnuTLS API

2013-01-24 Alfredo Pironti <alfredo@pironti.eu>

* .gitignore, NEWS, lib/libgnutls.map:
- Remove references to the (now renamed) gnutls_range_send_message
- Ignore sbuf-api generated documentation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/auth/psk.h: Some fix when disable-psk-authentication is
specified. Based on patch by Jaak Ristioja.

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/x509_dn.c: rewritten DN parsing code.

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem,
tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test:
test the DN functionality of certtool.

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/cert-tests/dane: dane test no longer fails if danetool isn't

2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/system.c, lib/tpm.c, lib/x509/common.c,
lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale
dependent versions of isxxx functions.

2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/sbuf.c: allow writes of more than the maximum record data.

2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and

2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h,
lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline().

2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, doc/invoke-gnutls-cli.texi: doc updates

2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c,
lib/gnutls_record.h: Small changes and a sanity check

2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/ocsp_output.c, lib/x509/output.c: print static strings
without a printf-like function.

2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c,
src/socket.h: Updated ranges patch.

2013-01-22 Alfredo Pironti <alfredo@pironti.eu>

* doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/invoke-gnutls-cli.texi, lib/Makefile.am,
lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c,
lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def,
src/cli-args.h, src/cli.c, src/socket.c, src/socket.h,
tests/mini-record.c: GnuTLS Length Hiding patch.
- Remove random padding; use minimal padding with legacy interface
- With new interface, use LH when possible, that is in CBC mode or
  with the new padding extension
- Rename priority to "NEW_PADDING"
- gnutls-cli: add command line switch --ranges using LH when
  possible.
- Update documentation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: changed function name to
gnutls_session_force_valid.

2013-01-22 Martin Storsjo <martin@martin.st>

* lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as
well
This is required when linking as static libraries on linux, for
-lrt.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_priority.c: set a default error position.

2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added gnutls_session_clear_invalid

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_record_set_timeout().

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer.

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/invoke-certtool.texi: Updated doc

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/certtool-common.c: corrected C parameter generation.

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated
Libs.private with all the required libraries

2013-01-21 Martin Storsjo <martin@martin.st>

* lib/gnutls.pc.in: Include libiconv in Libs.private
This makes static linking succeed if the library is configured to
use libiconv.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-21 Martin Storsjo <martin@martin.st>

* lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex
in gnutls_global.c instead of in verify-tofu.c
This fixes issues with linking the tools on OS X if not building
shared libraries.
Currently, if building with --disable-shared on OS X, the build
fails with:
  CCLD gnutls-serv
  Undefined symbols for architecture x86_64:
    "__gnutls_file_mutex", referenced from:
        _gnutls_global_deinit in libgnutls.a(gnutls_global.o)
        _gnutls_global_init in libgnutls.a(gnutls_global.o)
  ld: symbol(s) not found for architecture x86_64
It seems that the linker fails to pull in verify-tofu.o to satisfy
the undefined reference to _gnutls_file_mutex.o in gnutls_global.o
unless gnutls_global.o (or any other object file in the link) also
calls functions that pull in verify-tofu.o. Since gnutls_global.o
always is linked in, but verify-tofu.o can be left out unless
someone calls the functions in it, defining the mutex in
gnutls_global.c makes sense and simplifies the dependencies.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/Makefile.am, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
src/certtool.c, src/dh.c: Added --cprint option to certtool

2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/README.CODING_STYLE: updated coding style

2013-01-20 Alon Bar-Lev <alon.barlev@gmail.com>

* src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore, tests/suite/Makefile.am,
tests/suite/mini-record-timing.c: Added program to estimate the
timings in different record paddings.

2013-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/invoke-danetool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
--insecure flag to danetool.

2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* src/certtool.c, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: modified certtool order of DN

2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/mini-sbuf.c: properly deinitialized sbuf

2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/mini-dtls-record.c: initialize buffer before sending.

2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, tests/dn2.c: corrected test for new names and updated news.

2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, libdane/dane.c, libdane/errors.c,
libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: Added options to specify a DLV file. Suggested by

2013-01-17 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn().

2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/invoke-certtool.texi: updated certtool doc

2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, doc/TODO, doc/cha-cert-auth2.texi,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h,
src/certtool.c: Added functions to directly set the DN in a
certificate or request from an RFC4514 string.

2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore: more files to ignore

2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, doc/cha-gtls-app.texi, lib/Makefile.am,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c,
tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist
buffering during transmission.
Added the gnutls_sbuf_t structure and accompanying functions to
enable buffering in sending application data.

2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* libdane/dane-params.c: corrected copyright.

2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR.

2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/egd.c: Corrected issue when an EGD device was not
found. Reported by Joshua Phillips.

2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* cfg.mk: Added config rule

2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/examples/ex-client-x509.c: doc fix

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/pkcs12.c: doc fix

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/pkcs11.c: small updates

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/reference/gnutls-docs.sgml: update

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/x509/crq.c: simplified naming

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/reference/gnutls-docs.sgml: update

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/ext/status_request.c, lib/gnutls_dh_primes.c,
lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/latex/gnutls.tex: added babel (not sure why)

2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/reference/gnutls-docs.sgml: updated for 3.1

2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/nettle/pk.c: corrected error code

2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* cross.mk: updated makefile

2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: documented updates

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_record.c: corrected typo

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/libgnutls.map: updated exported function name

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-gtls-app.texi, lib/ext/new_record_padding.c,
lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c: corrected compression.

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/includes/gnutls/x509.h: removed utf8 chars

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/latex/gnutls.tex: updates in output

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* tests/mini-record.c: Added checks for new record padding format.

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use
padding also if in DTLS.

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
some simplifications

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
simplified decryption

2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/ext/new_record_padding.c: removed debugging

2012-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/gnutls_cipher.c, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_record.c,
lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added a new record padding mechanism.
It is negotiated via an extension and record data are now formatted
as:
  ciphered-struct {
      opaque pad<0..2^16-1>
      opaque content[TLSCompressed.length];
      opaque MAC[CipherSpec.hash_size];
  }
The ciphered-struct size is
always 0 modulo the block size in block ciphers to avoid any need
for additional padding.
Added extension to negotiate new record padding.

2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added
test for duplicate packet detection in DTLS.

2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding
window implementation.

2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* lib/gnutls_record.c: Termination when expecting an alert is
handled gracefully in DTLS.

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: living in the past

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, m4/hooks.m4: bumped library version

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS: updated news

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am,
lib/tpm.c: If trousers is not present define the TPM functions but
have them return GNUTLS_E_UNIMPLEMENTED_FEATURE.

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* configure.ac: tpm support is disabled by default

2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/TODO: updated

2013-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1: updated autogen'ed files.

2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am,
doc/latex/gnutls.tex: doc updates

2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff
is LGPL version 2.1 or later

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* THANKS: updated thanks file

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* README-alpha: updated git2cl link

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-auth.texi: corrected typos

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-auth.texi: updated in auth chapter

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of
the authentication chapter.

2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods

2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
doc/examples/ex-serv-x509.c: better code in client and server

2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>

* NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding
stricter. Reported by Kikuchi Masashi.

2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11271 * lib/gnutls_record.c: corrected typo
11273 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11275 * lib/gnutls_record.c: Termination when expecting an alert is
11276 handled gracefully in DTLS.
11278 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11280 * NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling.
11282 2012-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11284 * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
11285 doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
11286 doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop
11287 unnecessary function in examples
11289 2012-12-20 Martin Storsjo <martin@martin.st>
11291 * lib/ext/srtp.c: Don't match further SRTP profiles after one match
11292 has been found This makes SRTP profile matching more straightforward and intuitive,
11293 when the first matching SRTP profile will be the one selected, not
11294 the last one as before. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11296 2012-12-20 Martin Storsjo <martin@martin.st>
11298 * lib/crypto-api.c: Fix the parameter name to gnutls_key_generate Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11300 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11304 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11306 * tests/suite/testcompat: corrected datefudge test
11308 2012-12-18 Martin Storsjo <martin@martin.st>
11310 * lib/system_override.c: Fix docs for
11311 gnutls_transport_set_pull_timeout_function The timeout function returns int, not ssize_t. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11313 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11315 * lib/x509/x509_write.c: doc update
11317 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11319 * configure.ac: bumped version
11321 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11323 * tests/suite/mini-eagain2.c: added config.h
11325 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11327 * configure.ac: corrected wording
11329 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11331 * build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c,
11332 gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4,
11333 gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4,
11334 gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4,
11335 gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4,
11336 gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4,
11337 gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
11338 gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h,
11339 gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
11340 gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c,
11341 gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h,
11342 gl/vasnprintf.c, maint.mk: updated gnulib
11344 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11346 * tests/suite/Makefile.am: corrected test
11348 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11350 * doc/invoke-certtool.texi, src/certtool-args.c,
11351 src/certtool-args.def, src/certtool-args.h: certtool
11352 --generate-request option conflicts with --infile. Suggested by
11355 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11359 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11361 * doc/Makefile.am, doc/invoke-danetool.texi,
11362 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11363 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11364 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
11365 doc/invoke-tpmtool.texi, doc/manpages/Makefile.am,
11366 doc/manpages/tpmtool.1: use ECHO_N
11368 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11370 * tests/suite/Makefile.am: do not build ecore in macosx
11372 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11374 * README, README-alpha: updated urls
11376 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11378 * doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex,
11379 lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c,
11380 tests/pkcs12_simple.c: corrected copyright notices
11382 2012-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11384 * doc/invoke-certtool.texi, src/certtool-args.c,
11385 src/certtool-args.def, src/certtool-args.h: updated documentation.
11387 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11389 * lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL
11392 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11394 * lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in
11395 gnutls_x509_crq_get_challenge_password
11397 2012-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11399 * lib/x509/crq.c: doc update
11401 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11403 * doc/invoke-p11tool.texi, src/p11tool-args.c,
11404 src/p11tool-args.def, src/p11tool-args.h: updated documentation
11406 2012-12-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11408 * lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
11409 tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys
11411 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11413 * NEWS: document fix
11415 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11417 * lib/gnutls_cipher.c: Corrected bugs in record parsing. Corrected bugs in record padding parsing. Reported by Kenny
11418 Patterson and Nadhem Alfardan.
11420 2012-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11422 * NEWS: documented fixes
11424 2012-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11426 * lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright
11428 2012-12-01 Ludovic Courtès <ludo@gnu.org>
11430 * guile/src/Makefile.am: guile: Fix dependencies to be
11433 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11435 * doc/cha-cert-auth.texi: Revert "do not document low-level
11436 functions" This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363.
11438 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11440 * README: mention dependencies in readme
11442 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11444 * cfg.mk: update @VERSION@ -> actual version on the web manual
11446 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11448 * doc/cha-cert-auth.texi: doc update
11450 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11452 * cfg.mk: simplified generation of documentation
11454 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11456 * doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name
11458 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11460 * doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates
11462 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11464 * src/socket.c: corrected socket loop. Based on patch by Mantas
11467 2012-11-26 Simon Josefsson <simon@josefsson.org>
11469 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
11470 lib/minitasn1/element.c, lib/minitasn1/int.h,
11471 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
11472 lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update
11473 minitasn1 to version 3.1.
11475 2012-11-26 Simon Josefsson <simon@josefsson.org>
11477 * .gitignore, build-aux/snippet/unused-parameter.h,
11478 doc/gendocs_template, maint.mk: Update gnulib tools. Add missing
11479 unused-parameter.h template.
11481 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11485 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11487 * src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h:
11488 gnutls-cli will try to connect to all possible returned addresses.
11490 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11492 * doc/TODO: updated todo list
11494 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11496 * NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a
11497 list of zero policy qualifiers.
11499 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11501 * src/libopts/usage.c: Added hack to print the parameters correctly
11504 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11506 * lib/x509/x509.c: updated
11508 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11510 * tests/cert-tests/template-test: repeat the tests to avoid
11511 accidental failures
11513 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11515 * lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514
11518 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11520 * lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types.
11522 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11524 * lib/x509/common.c: UniversalString (UTF-32) is handled as
11525 non-printable for now.
11527 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11529 * doc/TODO: updated todo list
11531 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11533 * lib/x509/common.c: Allow for bit strings that are not a multiple
11536 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11538 * NEWS, cross.mk: updated
11540 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11542 * m4/hooks.m4: require libtasn1 3.1 or later
11544 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11546 * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c,
11547 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
11548 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
11549 lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
11550 lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c,
11551 lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c,
11552 tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems
11553 to use the new libtasn1 APIs.
11555 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11557 * NEWS: released 3.1.5
11559 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11561 * .gitignore: more files to ignore
11563 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11565 * lib/x509/common.c: corrected placeOfBirth DN parsing.
11567 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11569 * lib/gnutls_global.c: no need to release struct
11571 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11573 * doc/cha-cert-auth.texi: do not document low-level functions
11575 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11577 * lib/nettle/ecc_mulmod_cached.c: set cache to null after
11580 2012-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11582 * tests/cert-tests/template-test: fixed test
11584 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11586 * .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
11587 gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
11588 gl/iconv_open-aix.gperf, gl/iconv_open-aix.h,
11589 gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h,
11590 gl/iconv_open-irix.gperf, gl/iconv_open-irix.h,
11591 gl/iconv_open-osf.gperf, gl/iconv_open-osf.h,
11592 gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h,
11593 gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
11594 gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4,
11595 gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
11596 gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
11597 gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4,
11598 gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c,
11599 gl/tests/localename.h, gl/tests/setlocale.c,
11600 gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
11601 gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
11602 gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
11603 gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
11604 gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
11605 gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
11606 gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
11607 gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
11608 gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the
11609 UCS2->UTF8 conversion in systems where it is not provided.
11611 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11613 * lib/pkix_asn1_tab.c: use the old type for compatibility
11615 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11617 * lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated
11620 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11622 * configure.ac, m4/hooks.m4: bumped version
11624 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11626 * lib/system.c: simplified UTF-8 encoding.
11628 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11630 * NEWS, doc/invoke-danetool.texi, src/Makefile.am,
11631 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
11632 src/danetool.c: danetool is being built even without libgnutls-dane. The --check functionality is not operational though. It can only
11633 generate tlsa records.
11635 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11637 * tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
11638 tests/cert-tests/template-utf8.pem,
11639 tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate
11642 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11644 * lib/x509/dn.c: removed redundant check
11646 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11648 * NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
11649 src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated
11652 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11654 * lib/x509/x509.c: update
11656 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11658 * doc/cha-cert-auth.texi, lib/x509/x509.c: doc update
11660 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11662 * doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c,
11663 lib/x509/x509.c, lib/x509/x509_write.c: doc update
11665 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11667 * lib/x509/x509_write.c: enforce the 200 character limit.
11669 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11671 * NEWS, lib/system.c: improved iconv support.
11673 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11675 * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
11676 tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem,
11677 tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen:
11678 updated for new output
11680 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11682 * NEWS: news update
11684 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11686 * NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
11687 doc/invoke-certtool.texi, doc/manpages/Makefile.am,
11688 lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
11689 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
11690 lib/x509/output.c, src/certtool-args.c, src/certtool-args.def,
11691 src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
11692 src/certtool.c, src/tpmtool.c: Several updates in certificate/public
11693 key printing. * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an
11694 easier to parse format. * Added gnutls_pubkey_import_x509_crq() to convert a certificate
11695 request to a public key. * Added gnutls_pubkey_print() to simplify public key printing. * certtool's pubkey-info can be combined with --load-request. * Added --numbers option to certtool which prints big numbers in an
11696 easier to parse format.
11698 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11700 * build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/dup2.c,
11701 gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4,
11702 gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4,
11703 gl/select.c, gl/stdlib.in.h, gl/strerror-override.c,
11704 gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/dup2.c,
11705 gl/tests/fcntl.in.h, gl/tests/test-fcntl-h.c,
11706 gl/tests/test-iconv.c, gl/tests/test-select.h, lib/system.c,
11707 m4/hooks.m4, maint.mk: use gnulib to detect iconv.
11709 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11711 * NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for
11712 either iconv or libiconv.
11714 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11716 * src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
11717 src/certtool-cfg.c: simplified parsing
11719 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11721 * lib/x509/output.c: print header only on the first policy
11723 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11725 * NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
11726 src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c,
11727 src/certtool-cfg.h, src/certtool.c: certtool is able to set
11728 certificate policies via a template
11730 2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11732 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
11733 lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c,
11734 lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy()
11736 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11738 * lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
11739 lib/x509/x509.c: doc update
11741 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11743 * NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
11744 lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c:
11747 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11749 * lib/system.c: corrected win32 UCS2 conversion.
11751 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11753 * NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
11754 lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c,
11755 lib/x509/x509.c: simplified naming
11757 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11759 * NEWS: documented update
11761 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11763 * lib/x509/x509.c: mention the extension OID
11765 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11767 * tests/cert-tests/aki-cert.pem,
11768 tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse
11771 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11773 * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle
11776 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11778 * tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem,
11779 tests/cert-tests/pem-decoding: Added simple check for bmpstring
11782 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11784 * lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested)
11786 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11788 * lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as
11789 non-printable (fallback to previous behavior).
11791 2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11793 * lib/x509/x509.c: doc update
11795 2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11797 * NEWS: documented updates
11799 2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11801 * configure.ac: check for iconv
11803 2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11805 * lib/system.c, lib/x509/common.c: map the whole ascii set
11807 2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11809 * lib/x509/common.c: Handle BMPString in DNs.
11811 2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11813 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
11814 lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c,
11815 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
11816 lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
11817 lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c,
11818 lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
11819 lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse
11820 the certificate policies extension. Added gnutls_x509_crt_get_policy() etc. In addition several updates
11821 in the handling of strings in X.509 structures.
11823 2012-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11825 * doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi,
11826 doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc
11829 2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11831 * lib/gnutls_cert.c: updated doc
11833 2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11835 * NEWS: documented update
11837 2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11841 2012-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11843 * tests/cert-tests/template-test: Added small text
11845 2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
11847 * doc/examples/Makefile.am: print-ciphersuites was a very useful tool
11848 for debugging this. Now it is even built. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11850 2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
11852 * lib/gnutls_priority.c: Don't read past the last list entry in
11853 _add_priority, doing so adds algorithms that shouldn't be added and
11854 can even lead to a segfault. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11856 2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11858 * src/danetool.c: tried to beautify output of danetool
11860 2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11862 * lib/gnutls_x509.c: corrected description.
11864 2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11866 * lib/gnutls_cert.c: corrected typo
11868 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11872 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11874 * src/pkcs11.c: optimizations in list import
11876 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11878 * lib/pkcs11.c: When listing all objects of a type, restrict their
11879 class to the specified.
11881 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11883 * src/pkcs11.c: Added some help on failure.
11885 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11887 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
11888 pkcs11_find_object made static.
11890 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11892 * src/certtool-common.c, src/certtool-common.h, src/certtool.c,
11893 src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits()
11894 does not always warn.
11896 2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11898 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
11899 lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when
11900 generating a PKCS #11 private key print the public key.
11902 2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11904 * NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
11905 src/certtool-args.def, src/certtool-args.h, src/certtool.c: The
11906 pubkey-info option can be combined with the load-privkey to extract
11907 the public key of a private key.
11909 2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11911 * doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c,
11912 doc/examples/verify.c: corrected verification examples
11914 2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11916 * doc/TODO: removed OCSP extension from TODO
11918 2012-11-09 Diego Elio Pettenò <flameeyes@flameeyes.eu>
11920 * tests/cert-tests/Makefile.am: build: only run the dane cert test
11921 if dane is enabled. This fixes a test failure when disabling dane support. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
11922 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11924 2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11926 * Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am,
11927 tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem,
11928 tests/cert-tests/dane: last changes for release.
11930 2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11932 * doc/Makefile.am, doc/invoke-gnutls-cli.texi,
11933 doc/manpages/Makefile.am, src/common.c: updated
11935 2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11937 * lib/gnutls_x509.c: Corrected indication of OCSP check failure.
11939 2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11941 * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The
11942 status-request option was eliminated. Check OCSP only when the
11943 status response in the handshake was invalid.
11945 2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11947 * AUTHORS, NEWS: Added Martin
11949 2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11951 * src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
11952 src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
11953 src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
11954 src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
11955 src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
11956 src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
11957 src/tpmtool-args.h: updated
11959 2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11961 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
11962 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
11963 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
11964 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
11965 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
11966 doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove
11967 @cindex from the invoke-* files.
11969 2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11971 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
11972 doc/latex/gnutls.bib: doc updates
11974 2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11976 * doc/cha-cert-auth.texi: doc update
11978 2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11980 * NEWS, lib/algorithms.h, lib/algorithms/mac.c,
11981 lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
11982 lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c,
11983 lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow
11984 easier marking of insecure algorithms.
11986 2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11988 * lib/gnutls_compress.c: removed debugging
11990 2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11992 * NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are
11995 2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11997 * Removed GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on
11998 OCSP parsing errors.
12002 Copyright (C) 2005-2012 Free Software Foundation, Inc.
12004 Copying and distribution of this file, with or without
12005 modification, are permitted provided the copyright notice
12006 and this notice are preserved.