2016-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.4.11

2016-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: tests: do not enable valgrind in non-git builds

2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn
about insecure algorithm when unknown

2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/testcompat-openssl.sh: tests:
disable unsupported curves from compatibility checks
This allows running make check even when compiling with
disable-suiteb-curves.

2016-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: dtls: added missing dtls.h to state.c

2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version

2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
lib/minitasn1/element.c, lib/minitasn1/element.h,
lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
lib/minitasn1/structure.c: minitasn1: updated to latest git version

2016-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc: Replace references to select with poll

2016-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc: replace inaccurate sentence with
reference to gnutls_record_discard_queued [ci skip]

2016-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_record_get_direction: doc update [ci

2016-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509sign-verify2.c: tests: reduce the number of loops in
x509sign-verify2
This enables running the test in reasonable time under valgrind.

2016-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey
definition
OCSP is defined in an EXPLICIT tags module, and as such we must tag
explicitly all of its tags.

2016-04-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: enforce the rules
for IP constraints when adding
This will prevent gnutls from generating badly formed certificates.

2016-04-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/x509.c:
_gnutls_parse_general_name2: allow parsing empty names
This allows parsing empty general names such as an empty DNSname
used in name constraints.

2016-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests
This avoids issue with servers serving chunk encoding which ocsptool
doesn't support. Reported by Thomas Klute.

2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/certtool-long-cn: tests: delete outfile in

2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
tests/cert-tests/name-constraints-ip2.pem: tests: verify the output
of name constraints IP decoding

2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: x509/output: simplified cidr_to_string()

2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: x509/output: print RFC5280 CIDRs in name

2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_state.c: dtls:
reset the record number sliding window on gnutls_record_set_state()
This addresses issue where gnutls_record_set_state() was called with
a new state but the sliding window information was not updated, thus
blocking any incoming packets. Resolves #82

2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_record.c: DTLS: save last valid record sequence number
This will allow to report a valid number to
gnutls_record_get_state() callers in case of DTLS. Reported by

2016-03-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_record_get_state: Allow for NULL

2016-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool.c: ocsptool: don't exit with error code on
verification failures when --ignore-errors is given

2016-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool.c: ocsptool: exit with error on verification failures

2016-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/ocsp.c: ocsp: gnutls_ocsp_resp_verify_direct will skip
additional checks for certificates matching issuer
That eliminates issue with ocsptool rejecting OCSP responses signed
by the same CA that signed the certificate. Reported by Thomas

2016-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/ocsptool-args.def, src/ocsptool.c: ocsptool: Allow saving
responses even if verification fails
In addition do not enter a spurious newline to responses.

2016-03-23 Maya Rashish <coypu@sdf.org>
* tests/dtls/dtls-stress.c: Avoid using strerror in dtls stress test
Using it results in build failure on NetBSD: undefined reference to

2016-03-23 Maya Rashish <coypu@sdf.org>
* tests/utils.h: Add missing header to testsuite
This causes a problem for NetBSD+clang tests, because SIGTERM and
kill are undefined. Resolves #80
Signed-off-by: Maya Rashish <coypu@sdf.org>

2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update [ci skip]

2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-x509-callbacks.c: tests: verify that the
post-client-hello callback has access to ALPN data

2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: handshake: parse the mandatory to parse
extension prior to any callback call
This relates to the change of ALPN extension to mandatory to parse,
and allows applications to get ALPN data prior to handshake

2016-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume.c: tests: added checks for session resumption and
ALPN
This checks whether the ALPN extension is re-read on resumption and

2016-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume.c: tests: resume: simplified structure assignment

2016-03-15 Yuriy M. Kaminskiy <yumkam@gmail.com>
* lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not
be saved with session data
In addition the extension was moved to the mandatory to parse to
ensure it is always parsed when sessions are resumed.
rfc7301: Unlike many other TLS extensions, this extension does not
establish properties of the session, only of the connection.
When session resumption or session tickets [RFC5077] are used, the
previous contents of this extension are irrelevant, and only the
values in the new handshake messages are considered.
Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/x86/x86-common.c: x86-common: CPUID override will
only work if CPU has already the capability present
This resolves test suite failure on CPUs with limited capabilities.
Reported by Andreas Metzler.

2016-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/server_name.c: gnutls_server_name_set: accept non-null
terminated hostnames
The introduction of IDNA support introduced a regression and this
function does not operate correctly when given non-null terminated
strings. Reported by Tim Ruehsen. Relates #78

2016-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-server-name.c: tests: added check for non-null
terminated server name
This checks whether a non-null terminated server name, but with
correct length is correctly accepted by gnutls_server_name_set(). Relates #78

2016-03-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-nc.pem: tests: template-test was updated
for OCSP key purpose reordering

2016-03-15 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-03-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: do not require a CA for OCSP signing
This follows the recommendations in RFC6960 in 4.2.2.2 which allow a
CA to delegate OCSP signing to another certificate without requiring
it to be a CA. Reported by Thomas Klute.

2016-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/ABI-x86_64.dump, devel/abi-unchecked-symbols,
devel/abi-unchecked-symbols.txt: abi-check: corrected type of
gnutls_x509_crl_get_issuer_dn
That will avoid any accidental ABI breakage on that symbol.

2016-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: .gitlab-ci.yml: added abi-checker rule
This allows to test ABI incompatibilities as soon as possible.

2016-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* Makefile.am, devel/ABI-dane-x86_64.dump, devel/ABI-x86_64.dump,
devel/abi-unchecked-symbols, devel/abi-unchecked-symbols.txt,
devel/abi.xml, devel/abi3.2.xml, devel/abi3.4.xml: Makefile: made
abi-checks self-contained
That is, they no longer assume a given directory structure to exist
outside git. It now includes a static dump of the symbols in 3.4.0
for x86_64 and we compare with it.

2016-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli.c: gnutls-cli: fix invalid initialization in

2016-03-08 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-03-08 Jan Vcelak <jan.vcelak@nic.cz>
* lib/pkcs11_privkey.c: pkcs11: implement correct DSA key pair
generating
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-25 Jan Vcelak <jan.vcelak@nic.cz>
* lib/pkcs11_int.c, lib/pkcs11_int.h: pkcs11: add interface for
C_GenerateKey
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-03-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11.sh: tests: testpkcs11: the test will always
fail in code path failures

2016-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time: improved timeout

2016-02-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time: ensure client
timeouts after the server is
This addresses issue with the server detecting the client
disconnection prior to its timeout. Reported by Steven Chamberlain,

2016-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_ui.c: gnutls_ocsp_status_request_is_checked: document
the version the flag was introduced at

2016-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/doc.mk: doc: generate manpages for all functions
That addresses issue where certain manpages were created empty. See
https://bugzilla.redhat.com/show_bug.cgi?id=1306800

2016-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: mention
gnutls_certificate_set_x509_trust_dir()
It was not mentioned in the "Client or server certificate
verification" section. Resolves #76

2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: include test-hash-large into dist

2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/zh_CN.po.in: Sync with TP [ci skip]

2016-03-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Disable weak symbols for
_gnutls_global_init_skip() under windows
That is to avoid an issue with running gnutls under windows; that
renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows. Relates #74

2016-02-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version [ci skip]

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/ecc.c: ecc: optimized extension parsing

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update [ci skip]

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: Fixes to prevent undefined
behavior (found with libubsan)

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/cipher.c: cipher.c: Fixes to prevent undefined behavior
(found with libubsan)

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior
(found with libubsan)

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent
undefined behavior (found with libubsan)

2016-02-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent
undefined behavior (found with libubsan)

2016-02-28 Andreas Metzler <ametzler@bebt.de>
* src/p11tool-args.def: Let p11tool --provider option accept
filenames.
Drop 'file-exists = yes;' to allow specifying either an absolute
pathname or a file in P11_MODULE_PATH.

2016-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-is-known.c,
tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm,
tests/utils.c, tests/utils.h: tests: enable softhsmv2 test suite by
default
Also do not fatally fail with known softhsmv2 bugs.

2016-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-02-26 Jan Vcelak <jan.vcelak@nic.cz>
* tests/suite/testpkcs11.sh: pkcs11: tests for RSA, ECC, DSA private
key import
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-26 Jan Vcelak <jan.vcelak@nic.cz>
* tests/suite/testpkcs11.sh: pkcs11: tests for DSA key generating
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: added getpid() to the list of system calls

2016-02-25 Jan Vcelak <jan.vcelak@nic.cz>
* lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing
algorithm setting for DSA keys
The algorithm number was set only in the private key structure, not
in the nested structure with parameters. This made certain
operations to fail (e.g., copying the key into a PKCS #11 token).
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-24 Sebastian Dröge <sebastian@centricular.com>
* configure.ac: configure: Android is ELF too
Without this, compiling Android for x86 or x86-64 fails because the
assembly optimizations are not compiled in.

2016-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/pcert-list.c: tests: added tests for
gnutls_pcert_list_import_x509_raw()

2016-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509.c: gnutls_x509_crt_list_import: corrected memory
leak
This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was
specified and a failure occurred.

2016-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: _gnutls_sort_clist: fixed issues when used with
func option
This function would incorrectly call func() on elements that were
included in the list, and would not call func() if the size of the

2016-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: DH/DSA: allow the generation of larger
than 15360 bit parameters

2016-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/hash-large.c: tests: eliminated mem leak in hash-large

2016-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update [ci skip]

2016-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am, tests/slow/hash-large.c,
tests/slow/test-hash-large: tests: check whether large buffer hashes
and MAC work as expected

2016-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/hmac-x86-ssse3.c,
lib/accelerated/x86/sha-padlock.c,
lib/accelerated/x86/sha-padlock.h,
lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/mac.c: nettle: use
the correct type for hash and MAC functions

2016-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/benchmark-cipher.c: gnutls-cli: improved indentation in

2016-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests
are disabled when in FIPS140-2 mode
The tests require access to the RC4 cipher which is not available.

2016-02-09 Andreas Metzler <ametzler@bebt.de>
* doc/cha-gtls-app.texi: improve doc on special keywords in priority
string
Special keywords in priority strings like %COMPAT may not be
prefixed with +, - or !, "NORMAL:+%COMPAT" is invalid.

2016-02-06 Attila Molnar <attilamolnar@hush.com>
* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
doc/cha-tokens.texi, lib/gnutls_auth.c, lib/gnutls_dtls.c,
lib/gnutls_extensions.c, src/tpmtool-args.def: doc: Fix some typos

2016-02-06 Attila Molnar <attilamolnar@hush.com>
* doc/cha-gtls-app.texi, src/certtool-cfg.c, src/serv-args.def:
Remove remaining RSA-EXPORT support leftovers from doc and messages

2016-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-pubkey-import-ecdsa.c: tests:
pkcs11-pubkey-import-ecdsa will only work under softhsmv2

2016-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-01-31 Andreas Metzler <ametzler@bebt.de>
* lib/gnutls_pubkey.c, lib/openpgp/gnutls_openpgp.c,
lib/x509/pkcs12_bag.c, lib/x509/x509.c, lib/x509/x509_ext.c,
src/certtool-cfg.c: Fix some more typos.
certifcate, funtion, withing, missmatch

2016-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* NEWS: doc update [ci skip]

2016-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test.pem,
tests/cert-tests/template-unique.pem: Revert "tests: updated to
account for cert generation after
2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix"
This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b.

2016-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in
gnutls_x509_ext_export_key_usage"
This was not really an out-of-bounds check. Added documentation to
make that clear.
This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.

2016-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: gnutls_global_init: log gnutls' version on

2016-01-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-gtls-app.texi: doc: corrected typo [ci skip]

2016-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: x509: tolerate missing subject or issuer fields

2016-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory

2016-01-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/output.c: x509: place newline when printing unsupported

2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update [ci skip]

2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c: alpn: when parsing the list of protocols return at
the first mutually common
That resolves an issue where the server wouldn't select the first
mutually supported. Resolves #63

2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection

2016-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN

2016-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/alpn.c: alpn: document how the selected protocol is

2016-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alpn.c: tests: verify that the selected ALPN protocol
is the first advertised

2015-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, src/Makefile.am: build: fix make distclean by
including src/gl only once

2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: symbols.last: added new symbol

2016-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: trust_list_get_issuer_by_dn: fixed check

2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* Makefile.am: symbols.last: don't include internal symbols into

2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated

2016-01-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: configure: no longer distribute lzip tarballs

2016-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test.pem,
tests/cert-tests/template-unique.pem: tests: updated to account for
cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix

2016-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-01-04 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/x509/x509_ext.c: Fix out-of-bounds read in
gnutls_x509_ext_export_key_usage

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: .gitlab-ci.yml: optimized build process
That is, in slow asan and valgrind builds don't check the full test

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update [ci skip]

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: doc update [ci skip]

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
the writing of ECC private key

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am,
tests/suite/pkcs11-pubkey-import-ecdsa.c,
tests/suite/pkcs11-pubkey-import-rsa.c,
tests/suite/pkcs11-pubkey-import.c: tests: pkcs11-pubkey-import will
check both RSA and ECDSA keys

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
the type of the written object
Previously only RSA objects were correctly written.

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-common.h: tests: added ECDSA key in cert-common.h

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: pkcs11: import public keys from any
available object
That is, load public keys from the public key object, or the
certificate object if they are present. That affects non-RSA public
keys which do not contain all required fields on the private key

2015-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.h: session DB: made the magic number depending on
gnutls' version
That will make sure that sessions not stored by this version of
gnutls will not be resumed by another (which may be incompatible).

2015-12-26 Andreas Metzler <ametzler@bebt.de>
* README, lib/ext/srtp.c, lib/gnutls_priority.c, lib/locks.c,
lib/opencdk/keydb.c, lib/x509/pkcs7.c,
tests/mini-handshake-timeout.c: Fix some typos [ci skip]

2015-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: NEWS: doc update [ci skip]

2015-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/max_record.c: max_record: don't consider this extension on
DTLS
That is because it doesn't work as expected, and does not fragment
handshake messages. Relates with #61

2015-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-crypto.texi, lib/includes/gnutls/gnutls.h.in: updated
documentation on supported algorithms [ci skip]

2015-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: Added SHA384 to the list of TLS support

2015-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/no-signal.c: tests: don't run the no-signal test in systems
which MSG_NOSIGNAL is not available

2015-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/manpages/tpmtool.1: doc: manpages: remove generated tpmtool.1

2015-12-17 Alon Bar-Lev <alon.barlev@gmail.com>
* .gitignore: .gitignore: add m4/extern-inline.m4

2015-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/pkcs7: tests: added check to verify that the
PKCS#7 embedded data are recovered as expected

2015-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: introduced the
--p7-show-data option
This option allows printing the embedded data in a PKCS#7 signed

2015-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c:
gnutls_pkcs7_get_embedded_data: added function
This function allows extracting the embedded data from a PKCS#7

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/pkcs7-gen.c: tests: updated pkcs7-gen to account for
content-type attribute

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/pkcs7: tests: check whether the content-type
attribute is set if we sign using time

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: set by default the content type attribute
That is a requirement of rfc5652. Relates #59

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/crq.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
lib/x509/sign.c, lib/x509/x509_int.h: pkcs7: use the
PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7
structures
That is because there are implementations which cannot cope with the
normal RSA signature OIDs. Relates #59

2015-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c, tests/cert-tests/p7-combined.out: pkcs7: Disable
the optional fields prior to generating the PKCS#7 structure
This resolves issue with our PKCS#7 structures not being parsed by
MacOSX' tools. Relates #59

2015-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: warn if an ECDSA key is marked for

2015-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: corrected invalid free

2015-12-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_ui.c:
make sure gnutls_assert is present at the cases where
GNUTLS_E_INTERNAL_ERROR is returned

2015-12-14 Gustavo Zacarias <gustavo@zacarias.com.ar>
* configure.ac: configure: really make --disable-crywrap work
The crywrap variable is set regardless of the state of
enable_crywrap, hence --disable-crywrap never works. Just put the
tests for crywrap deps inside the enable_crywrap conditional.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2015-12-14 Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: updated chacha20 ciphers to conform

2015-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_int.h: Modified the CHACHA20 cipher to conform to
draft-ietf-tls-chacha20-poly1305-02

2015-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: gnutls-cli-debug: rephrased inappropriate
fallback test description to match the rest

2015-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitlab-ci.yml: .gitlab-ci.yml: valgrind build was moved at the
end as it is the slowest build

2015-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool: the
--p7-include-cert option is enabled by default
This allows to generate PKCS#7 structures by default that can be

2015-12-13 sskaje <sskaje@gmail.com>
* src/certtool-args.def, src/certtool.c: #56 Feature: certtool
--p7-sign support GNUTLS_PKCS7_INCLUDE_CERT

2015-12-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
#11 private keys for DSA and ECDSA
This prevents the reading of the public key when non-RSA keys are
available. This is a much cleaner approach than
5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

2015-12-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c: Revert "Do not allow importing public keys
from PKCS #11 private keys for DSA and ECDSA"
This reverts commit 9146ba63f5aa48358cb80aa7ccf9131cf2abdbe6.

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/cert-common.h: tests: cert-common.h:
backported from master branch

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/pkcs11-pubkey-import.c:
tests: check whether gnutls_pubkey_import_privkey() operates well

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
#11 private keys for DSA and ECDSA
That is, because they do not contain all the required parameters for
a direct import. Reported by Jan Vcelak.

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't

2015-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
deinitialize gnutls_pkcs11_obj_t's pubkey on deinit

2015-12-06 Jan Vcelak <jan.vcelak@nic.cz>
* lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in
privkey_get_pubkey
The code worked for RSA because the content of the variables
matched. But it doesn't match for ECC.
CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3)
Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

894 2015-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
896 * src/benchmark-tls.c: gnutls-cli: don't use RSA ciphersuites to
897 test chacha20 as they are not defined
899 2015-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
901 * lib/x509/x509.c: documented bug in
902 gnutls_x509_crt_get_*_unique_id()
904 2015-11-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
906 * lib/x509/x509.c: allow specifying NULL buffer in
907 gnutls_x509_crt_get_*_unique_id()
909 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
911 * tests/slow/override-ciphers, tests/slow/test-ciphers: tests:
912 cipher-test will forward the prog exit code as the script exit code
914 2015-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
916 * tests/cert-tests/Makefile.am: tests: changes for running tests
919 2015-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
921 * .gitlab-ci.yml: .gitlab-ci.yml: backported from master
923 2015-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
925 * lib/x509/ocsp_output.c: ocsp_output: when next update is not
926 present don't print error message. That is because this field is optional. Resolves #53
928 2015-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
930 * tests/slow/Makefile.am, tests/slow/override-ciphers: tests:
931 override-ciphers will not run mac tests on windows. There is some issue with symbols for self tests not being exported.
933 2015-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
935 * tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
936 updates for certtool test to run under windows
938 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
940 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
941 tests/cert-tests/certtool, tests/cert-tests/certtool-long-cn,
942 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
943 tests/cert-tests/pkcs7, tests/pkcs8-decode/pkcs8: tests: changes for
944 running tests under windows
946 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
948 * lib/system.c: use consistent terms in system.c and
951 2015-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
953 * .gitlab-ci.yml: .gitlab-ci.yml: backported from master
955 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
957 * src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows
960 2015-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
962 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
963 src/libopts/COPYING.mbsd, src/libopts/Makefile.am,
964 src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
965 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
966 src/libopts/autoopts.c, src/libopts/autoopts.h,
967 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
968 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
969 src/libopts/check.c, src/libopts/compat/compat.h,
970 src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h,
971 src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
972 src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
973 src/libopts/genshell.c, src/libopts/genshell.h,
974 src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h,
975 src/libopts/libopts.c, src/libopts/load.c,
976 src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
977 src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c,
978 src/libopts/nested.c, src/libopts/numeric.c,
979 src/libopts/option-value-type.c,
980 src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c,
981 src/libopts/parse-duration.h, src/libopts/pgusage.c,
982 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
983 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
984 src/libopts/stack.c, src/libopts/stdnoreturn.in.h,
985 src/libopts/streqvcmp.c, src/libopts/text_mmap.c,
986 src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c,
987 src/libopts/version.c: libopts: updated to 5.18.6
989 2015-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
991 * tests/slow/Makefile.am: tests: use gnulib where needed
993 2015-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
995 * cross.mk: cross.mk: updated windows cross compile makefile
997 2015-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
999 * tests/global-init-override.c: tests: disable global-init-override
1000 test in windows. Gcc does not support weak symbols on this platform.
1002 2015-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
1004 * src/socket.c: tools: don't call endservent in windows
1006 2015-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1008 * tests/cert-tests/Makefile.am: tests: included missing files
1010 2015-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1012 * lib/nettle/cipher.c: added cast to silence gcc warning
1014 2015-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1016 * NEWS: released 3.4.7
1018 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1020 * lib/system-keys-win.c: system-keys-win: allow reinitialization of
1021 the library after a deinitialization
1023 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1025 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
1026 auto-generated files
1028 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1030 * doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions
1033 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1035 * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
1036 lib/libgnutls.map: gnutls_global_init_skip: prefixed with an
1039 2015-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1041 * configure.ac, m4/hooks.m4: bumped version
1043 2015-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1045 * src/certtool.c: certtool: check fread_file() for errors in all
1046 situations. This caused certtool to crash on invalid input on stdin. Reported
1049 2015-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
1051 * lib/x509/x509_write.c: doc update
1053 2015-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1055 * lib/gnutls_ui.c: gnutls_certificate_set_flags: Added since
1057 2015-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1061 2015-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1063 * tests/set_x509_key_mem.c: tests: check gnutls_certificate_flags
1065 2015-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1067 * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_ui.c,
1068 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
1069 gnutls_certificate_flags() and
1070 GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH. That allows a user of the credentials to disable the certificate
1071 matching action. That is, to disable the calls to sign and verify on
1074 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1076 * lib/Makefile.am: link with libdl when trousers is enabled;
1077 reported by Andreas Schneider
1079 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1083 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1085 * lib/crypto-selftests.c: enhanced cipher selftests with variable
1086 key sizes on arcfour
1088 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1090 * lib/nettle/cipher.c: Do not enforce a maximum key size on ARCFOUR. That makes the library consistent with the behavior of previous
1093 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1095 * src/tests.c: gnutls-cli-debug: make TLS 1.6 fallback check more
1098 2015-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1100 * lib/gnutls_pubkey.c, lib/x509/x509_write.c: doc update
1102 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1104 * .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves in all
1105 systems as we have multiple which are fedoras
1107 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1111 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1113 * tests/global-init-override.c, tests/global-init.c: tests:
1114 corrected copyright info
1116 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1118 * tests/Makefile.am, tests/global-init-override.c: tests: added
1119 check for overriding global initialization
1121 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1123 * doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro
1125 2015-11-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1127 * lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
1128 lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow
1129 programs skip implicit global initialization
1131 2015-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1133 * .gitlab-ci.yml: .gitlab-ci.yml: backported
1135 2015-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1137 * doc/cha-gtls-app.texi: doc: document how to use gnutls with
1140 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1144 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1146 * lib/auth/dh_common.c: deinitialize client_Y if needed to avoid
1147 leak. This is a more conservative fix compared to
1148 0e370b7b34c96f7929f9070ad8287c6cf52e7901 ("deinitialize all
1149 handshake keys when handshake is over").
1151 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1153 * lib/gnutls_state.c: Revert "deinitialize all handshake keys when
1154 handshake is over". This reverts commit 0e370b7b34c96f7929f9070ad8287c6cf52e7901.
1156 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1160 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1162 * lib/x509/x509_write.c:
1163 gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc
1165 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1167 * lib/gnutls_pubkey.c: doc update
1169 2015-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1171 * doc/cha-crypto.texi, lib/includes/gnutls/pkcs7.h,
1172 lib/x509/pkcs7.c: Added documentation on PKCS #7 signing
1174 2015-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1176 * .gitlab-ci.yml: .gitlab-ci.yml: disable guile in asan builds
1178 2015-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1180 * lib/gnutls_state.c: deinitialize all handshake keys when handshake
1183 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1185 * tests/suite/Makefile.am, tests/suite/eagain,
1186 tests/suite/eagain.sh, tests/suite/invalid-cert,
1187 tests/suite/invalid-cert.sh, tests/suite/testcompat-openssl.sh,
1188 tests/suite/testcompat-polarssl.sh, tests/suite/testdane,
1189 tests/suite/testdane.sh, tests/suite/testrandom,
1190 tests/suite/testrandom.sh, tests/suite/testrng,
1191 tests/suite/testrng.sh, tests/suite/testsrn, tests/suite/testsrn.sh:
1192 tests: suite: more shell scripts were given the .sh suffix and
1195 2015-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1197 * tests/suite/Makefile.am, tests/suite/chain, tests/suite/chain.sh,
1198 tests/suite/test-ciphersuite-names,
1199 tests/suite/test-ciphersuite-names.sh, tests/suite/testpkcs11,
1200 tests/suite/testpkcs11.sh: tests: suite: don't run shell scripts
1203 2015-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1205 * tests/suite/testsrn: tests: testsrn: output errors on stderr
1207 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1211 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1213 * tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
1214 tests/cert-tests/template-unique.pem,
1215 tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs
1216 are generated as expected
1218 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1220 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
1221 src/certtool.c: certtool: Allow writing unique IDs in generated
1224 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1226 * lib/includes/gnutls/x509.h, lib/libgnutls.map,
1227 lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id()
1228 and gnutls_x509_crt_set_subject_unique_id()
1230 2015-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
1232 * lib/x509/output.c: properly indent unique IDs
1234 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1236 * doc/cha-gtls-app.texi: documented the GNUTLS_NO_EXPLICIT_INIT
1237 environment variable
1239 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1241 * lib/crypto-api.c: crypto-api: doc update
1243 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1247 2015-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1249 * lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to
1250 DHE and ECDHE on a rehandshake
1252 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1256 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1258 * src/certtool.c: certtool: eliminate leaks in _verify_x509_mem()
1260 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1262 * tests/suite/testdane: testdane: improved error detection in sites
1264 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1266 * tests/suite/Makefile.am, tests/suite/chain,
1267 tests/suite/pkcs11-is-known.c, tests/suite/suppressions.valgrind,
1268 tests/suite/testsrn, tests/suite/x509paths/suppressions.valgrind:
1269 tests: suite: eliminate many leaks in the tests and run them under
1272 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1274 * tests/openpgp-certs/Makefile.am,
1275 tests/openpgp-certs/suppressions.valgrind,
1276 tests/openpgp-certs/testcerts: tests: openpgp-certs: use valgrind
1278 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1280 * lib/openpgp/extras.c: openpgp: eliminate leaks in
1281 gnutls_openpgp_keyring_import()
1283 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1285 * tests/suite/mini-eagain2.c: tests: eliminate leaks in
1288 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1290 * src/certtool.c: certtool: eliminate memory leaks in certificate
1293 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1295 * tests/key-tests/Makefile.am, tests/key-tests/key-id,
1296 tests/key-tests/pkcs8, tests/key-tests/suppressions.valgrind: tests:
1297 key-tests: use valgrind
1299 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1301 * lib/gnutls_pubkey.c: gnutls_x509_crt_set_pubkey: clarify usage
1303 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1305 * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
1306 tests/pkcs12-decode/suppressions.valgrind: tests: run the PKCS #12
1307 tests under valgrind
1309 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1313 2015-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1315 * lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: pkcs12: correctly set
1316 salt size in gnutls_pkcs12_mac_info. Also eliminate leaks in PKCS #12 parsing.
1318 2015-11-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1320 * src/certtool.c: certtool: make sure that pkcs12 structures are
1323 2015-11-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1325 * lib/crypto-backend.c: crypto-backend: ensure there are no leaks on
1328 2015-11-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
1330 * lib/algorithms/ciphersuites.c, tests/mini-etm.c,
1331 tests/mini-record.c: Require TLS 1.2 for all the ciphersuites which
1332 are defined for it only. This solves an interoperability issue with openssl. Reported by
1335 2015-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1337 * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
1338 src/pkcs11.c: p11tool: introduced --only-urls option. This option allows printing a compact listing containing only of
1341 2015-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
1345 2015-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1347 * tests/Makefile.am, tests/mini-x509-default-prio.c: tests: added
1348 check for gnutls_priority_set_default
1350 2015-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
1352 * .gitlab-ci.yml: .gitlab-ci.yml: use static libasan. This prevents issues with tests which use LD_PRELOAD.
1354 2015-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
1356 * .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves on build
1359 2015-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
1361 * src/socket.c: tools: better ftp auth tls negotiation
1363 2015-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1365 * src/socket.c: tools: only check for status code in FTP starttls
1368 2015-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1370 * src/socket.c: tools: print more info in starttls negotiation when
1373 2015-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1375 * lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the
1376 link options. Reported by Dan Kegel. Resolves #49
1378 2015-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
1380 * lib/ext/heartbeat.c: removed inaccurate text
1382 2015-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1384 * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
1385 doc: updated supplemental data documentation
1387 2015-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1389 * tests/suite/testdane: tests: testdane will not check hosts which
1392 2015-10-20 Andreas Metzler <ametzler@bebt.de>
1394 * lib/auto-verify.c, lib/gnutls_state.c: Documentation update. The new simple verification functions were backported to 3.4.6,
1395 correct "Since:" to reflect this.
1397 2015-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1399 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
1400 auto-generated files
1402 2015-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1404 * NEWS: released 3.4.6
1406 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1408 * doc/cha-gtls-app.texi: doc: documented future level
1410 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1414 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1416 * lib/includes/gnutls/pkcs11.h: pkcs11.h: relocated
1417 gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts
1419 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1423 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1425 * lib/ext/ext_master_secret.c: ext master secret: extension is
1426 marked as mandatory. This forces the extension to be sent even where resuming sessions.
1429 2015-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
1431 * tests/resume.c: tests: Check whether a resumed session contains
1432 the ext master secret extension. Relates #45
1434 2015-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1438 2015-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1440 * tests/suite/pkcs11-certs/server.pub, tests/suite/testpkcs11:
1441 tests: adapted testpkcs11 for use with 3.4.x certtool
1443 2015-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1445 * tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests:
1446 verify that public keys are properly written. Also disable parts of the suite that softhsm2 cannot properly work
1447 with, to allow running parts of the suite even with broken softhsm.
1449 2015-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1453 2015-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1455 * src/pkcs11.c: p11tool: Allow writing a PKCS #11 pubkey object
1457 2015-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
1459 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
1460 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
1461 introduced gnutls_pkcs11_copy_pubkey. That allows copying a public key to a PKCS #11 module.
1463 2015-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1465 * doc/Makefile.am: doc: set a path which includes new binaries when
1466 running autogen. That makes sure that autogen will discover the binaries to obtain
1469 2015-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1471 * src/cli-debug-args.def: gnutls-cli-debug: updated doc
1473 2015-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1475 * src/cli-debug-args.def, src/cli-debug.c, src/cli.c,
1476 src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h:
1477 tools: when the starttls-proto is specified automatically detect the
1480 2015-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1484 2015-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1488 2015-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1490 * .gitlab-ci.yml: backport: .gitlab-ci.yml: combined the slow build
1491 with the separate build dir
1493 2015-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1495 * lib/algorithms/ciphers.c, lib/gnutls_cipher_int.c,
1496 lib/gnutls_priority.c: Disable the NULL cipher on runtime when
1497 FIPS140 mode is enabled instead of statically. That way the NULL cipher can be used when not in FIPS140 mode.
1499 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1501 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c,
1502 lib/gnutls_int.h, lib/gnutls_priority.c: backport: Tolerate priority
1503 strings with names of legacy ciphers and key exchanges. That enables better backwards compatibility with old applications
1504 which disable or enable algorithms which no longer are supported.
1507 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1511 2015-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
1513 * lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER
1514 when writing on a certificate. That allows NSS to read and use the written certificate. Relates
1517 2015-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1519 * tests/sec-params.c: tests: enhanced sec-params check to account
1520 for future sec-param
1522 2015-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1526 2015-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1528 * src/certtool-common.c: certtool: recognize the future sec-param
1530 2015-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1532 * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in:
1533 Introduced the security parameter future (256) and switched ultra to
1534 192 bits. For ultra, this was its documented strength, and now follows RFC3766
1535 recommendations for sizes.
1537 2015-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1539 * src/certtool-common.c: certtool: be more specific on the help
1540 message for --sec-param when --bits are given
1542 2015-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1544 * tests/suite/testpkcs11.softhsm: tests: better detection of softhsm
1547 2015-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1549 * configure.ac, m4/hooks.m4: bumped version
1551 2015-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1555 2015-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1557 * doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
1558 doc/examples/ex-client-x509.c, lib/Makefile.am, lib/auto-verify.c,
1559 lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
1560 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
1561 lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
1562 lib/libgnutls.map, tests/Makefile.am, tests/auto-verify.c:
1563 Backported new verification functions for clients from 3.5.x branch. The major use-case for the TLS protocol is verification of PKIX
1564 certificates. However, certificate verification support, while it is
1565 similar for almost all projects, requires around 100 lines of code
1566 (a callback) to be duplicated to all applications. That patch set
1567 gets rid of the callback and simplifies certificate verification
1568 support, by introducing a very simple API; one that would accept the
1569 session and the hostname only. Resolves #27
1571 2015-08-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
1573 * tests/Makefile.am, tests/eagain-common.h,
1574 tests/mini-session-verify-function.c: tests: added test for
1575 gnutls_session_set_verify_function
1577 2015-08-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
1579 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
1580 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
1581 gnutls_session_set_verify_function. That allows to set a verification callback per session rather than
1582 only globally on the credentials structure.
1584 2015-10-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
1586 * lib/gnutls_record.c: gnutls_record_recv: simplified text on
1587 GNUTLS_E_REHANDSHAKE
1589 2015-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
1591 * src/certtool-common.c: certtool: print 16-bytes of hex values per
1592 line. Also avoid a colon on the end of the line.
1594 2015-09-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1598 2015-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1600 * src/certtool-common.c: certtool: switched the default level to
1601 HIGH for key generation. That requires 3072 bits for RSA and DSA keys.
1603 2015-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1607 2015-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1609 * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
1610 src/socket.c: tools: added xmpp into the starttls-proto options
1612 2015-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
1614 * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
1615 src/socket.c: tools: added ldap into the starttls-proto options
1617 2015-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1619 * lib/system.c: system.c: simplify gnutls_system_recv_timeout
1621 2015-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1623 * src/cli-debug.c: gnutls-cli-debug: use RFC7627 instead of
1624 draft-ietf-tls-session-hash
1626 2015-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
1628 * lib/includes/gnutls/gnutls.h.in: updated documentation on
1629 gnutls_vdata_types_t based on DKG's suggestions
1631 2015-09-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1633 * lib/gnutls_cert.c: improve docs for
1634 gnutls_certificate_verify_peers*(). The gnutls_certificate_verify_peers{,2,3}() functions all return
1635 GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate
1636 was not verified. This is explained in the first paragraphs ("i.e.
1637 failure to trust a certificate does not imply a negative return
1638 value"), but the Returns: line isn't comparably clear.
1640 2015-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1642 * lib/gnutls_str.c: _gnutls_hex2bin: avoid overrun in the provided
1645 2015-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1647 * NEWS, configure.ac, m4/hooks.m4: bumped version
1649 2015-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1651 * doc/manpages/tpmtool.1: tpmtool.1: updated
1653 2015-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
1655 * lib/x509/output.c: Don't use formatted output for fixed strings. Resolves #35
1657 2015-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1659 * lib/pkcs11_privkey.c: pkcs11: when storing public keys, make sure
1660 they are marked as not private
1662 2015-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1666 2015-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1668 * src/tests.c: gnutls-cli-debug: corrected typo in inappropriate
1671 2015-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
1673 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
1674 check for inappropriate fallback support
1676 2015-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
1678 * doc/examples/ex-serv-anon.c: corrected typo in ex-server-anon
1680 2015-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1682 * lib/gnutls_str.c: hex decoding: more reasonable error codes. That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding
1683 error, and document that fact.
1685 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1687 * lib/ext/ext_master_secret.c, lib/gnutls_db.c: Set the extended
1688 master secret status based on resumption data only. That is, don't require a new negotiation with extensions.
1690 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1692 * tests/resume-dtls.c, tests/resume.c: tests: corrected resumption
1693 tests to disable tickets when needed. That is, perform the tests that require no tickets, with tickets
1696 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1698 * lib/gnutls_session_pack.c: session packing: corrected issue in PSK
1701 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1703 * lib/auth/psk.c: PSK: save the username in client side in the auth
1706 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1708 * lib/gnutls_hash_int.h: _gnutls_hash() returns error code if any. Ideally we would like to eliminate any return codes from that
1709 function. However, since that's on exported API we cannot easily do
1710 without breaking the ABI. Reported by Benedikt Klotz. Resolves #28
1712 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1716 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1718 * lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when
1719 appending CRLs to a trust list ensure that we don't have duplicates. That is, overwrite CRLs if they have been obsoleted.
1721 2015-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
1723 * src/certtool.c: certtool: allow exporting very long CRLs
1725 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1729 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1731 * tests/cert-tests/crl: tests: verify whether CRL date setting works
1734 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1736 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
1737 src/certtool.c: certtool: Allow specifying CRL dates as fixed dates
1739 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1741 * tests/cert-tests/crl: tests: verify CRL appending effectiveness
1743 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1745 * lib/x509/crl_write.c: gnutls_x509_crl_set_authority_key_id,
1746 gnutls_x509_crl_set_number allow overwriting. That allows them to overwrite values which were previously set
1747 (e.g., on an imported CRL).
1749 2015-08-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
1751 * src/certtool-args.def, src/certtool.c: certtool: allow appending
1752 certificates to a CRL
1754 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1758 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1760 * src/certtool.c: certtool: removed limit on maximum imported
1761 certificates in the -i option
1763 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1765 * tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check
1766 whether the CRL generation code works as expected
1768 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1770 * src/certtool-common.c, src/certtool.c: certtool: eliminated memory
1771 leaks due to new cert loading code
1773 2015-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1775 * src/certtool-common.c, src/certtool-common.h: certtool: lifted
1776 limits on file size to load
1778 2015-08-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
1780 * Makefile.am: before dist ensure that included libopts matches
1783 2015-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1785 * NEWS: corrected date
1787 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1789 * tests/cert-tests/Makefile.am: include all cert-tests into dist
1791 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1793 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
1794 auto-generated files for new functions
1796 2015-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1800 2015-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
1802 * src/pkcs11.c: p11tool: test-sign will not fail if a pubkey is not
1805 2015-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1807 * lib/x509/privkey.c: key decoding: set key to null for consistency
1809 2015-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1811 * lib/x509/privkey.c: key decoding: simplify decoding logic by
1812 removing the fallback
1814 2015-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1818 2015-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1820 * lib/x509/privkey.c: key decoding: corrected regression with PKCS
1821 #8 key decoding. Reported by Daniel Berrange.
1823 2015-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
1825 * tests/Makefile.am, tests/pkcs8-key-decode.c: tests: added check
1826 for decoding of a PKCS #8 key as fallback
1828 2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1832 2015-08-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
1834 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
1835 the CKA_TOKEN attribute on generated public keys. That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
1836 flag, to simulate the previous behavior.
1838 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1840 * cfg.mk: cfg.mk: fix order of arguments in gnulib-tool
1842 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1844 * tests/Makefile.am, tests/fallback-scsv.c: tests: added check for
1847 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1849 * lib/gnutls_handshake.c: handshake: check inappropriate fallback
1850 against the configured max version. That allows to operate on a server which is explicitly configured to
1851 utilize earlier than TLS 1.2 versions.
1853 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1855 * lib/includes/gnutls/gnutls.h.in: corrected
1856 GNUTLS_E_INAPPROPRIATE_FALLBACK error code
1858 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1862 2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
1864 * lib/gnutls_handshake.c: copy_ciphersuites: use definition for
1865 reserved ciphersuites
1867 2015-08-01 Alessandro Ghedini <alessandro@ghedini.me>
1869 * doc/cha-gtls-app.texi, lib/gnutls_handshake.c, lib/gnutls_int.h,
1870 lib/gnutls_priority.c, lib/priority_options.gperf: handshake: add
1871 FALLBACK_SCSV priority option This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
1872 the handshake, as defined in RFC7507.
1874 2015-08-01 Alessandro Ghedini <alessandro@ghedini.me>
1876 * lib/algorithms.h, lib/gnutls_alert.c, lib/gnutls_errors.c,
1877 lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: handshake:
1878 check for TLS_FALLBACK_SCSV If TLS_FALLBACK_SCSV was sent by the client during the handshake,
1879 and the advertised protocol version is lower than
1880 GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal
1881 alert and abort the handshake. This mechanism was defined in RFC7507.
2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/gendocs.sh, gl/Makefile.am, gl/m4/codeset.m4,
gl/m4/extern-inline.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/lcmessage.m4, gl/m4/lock.m4,
gl/m4/manywarnings.m4, gl/m4/nls.m4, gl/m4/po.m4,
gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/stdio_h.m4,
gl/m4/sys_time_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/uintmax_t.m4, gl/m4/valgrind-tests.m4, gl/m4/visibility.m4,
gl/stddef.in.h, gl/stdio.in.h, gl/string.in.h, gl/tests/init.sh,
gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
gl/tests/test-stddef.c, gl/time.in.h, gl/wchar.in.h,
src/gl/Makefile.am, src/gl/error.c, src/gl/error.h,
src/gl/fseeko.c, src/gl/m4/extern-inline.m4,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
src/gl/m4/stdio_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/time_h.m4,
src/gl/stddef.in.h, src/gl/stdio.in.h, src/gl/string.in.h,
src/gl/time.in.h, src/gl/wchar.in.h, src/gl/xalloc.h: use the
gettext-h gnulib module
2015-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/certtool-long-cn: tests: added missing
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/safe_renegotiation.c: safe renegotiation: simulate
receiving the extension on receipt of SCSV
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: made data2hex() safer, and eliminated mem leak
2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/very-long-dn.pem:
tests: added check for proper handling of very long CNs
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/status-request-ok.c,
tests/status-request.c: tests: added check for server sending (or
not) status request messages
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: updated the required gettext version to match the
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/safe_renegotiation.c: safe renegotiation: handle case
where client didn't send any extension
That was affected by the "don't try to send extensions we didn't
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/tpm.c: tpm: avoid warning
2015-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
As server don't try to send extensions we didn't receive.
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: tpm: use gnutls_hex_decode for uuid decoding
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/psk_passwd.c: psk: use gnutls_hex_decode2 for key
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system-keys-win.c: system-keys-win: use gnutls_hex_decode for
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/gnutls_openpgp.c: openpgp: use gnutls_hex_decode for
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: DN decoding: use gnutls_hex_encode
2015-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/extras/Makefile.am, lib/extras/hex.c, lib/extras/hex.h,
lib/extras/licenses/CC0, lib/gnutls_str.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Introduced
gnutls_hex_encode2() and gnutls_hex_decode2()
These also use safer hex decoding functions which don't skip invalid
2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: x509: simplified data to hex conversion in
2015-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: Allow for
non-null context and zero context length
2015-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/prf.c: tests: added cross-check between gnutls_prf_rfc5705()
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
tests/suite/Makefile.am: removed legacy libgcrypt flags
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: optimize in
the common use case, by avoiding malloc
Also don't handle specially the case of non-NULL context and
context_size of zero.
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitignore: ignore more files
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: fix documentation for
--generate-ecc and generate-dsa
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c: gnutls_prf_rfc5705: mention the version it was
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/prf.c: tests: added check for
gnutls_prf() and gnutls_prf_rfc5705
2015-07-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: gnutls_prf_rfc5705: added
That includes support for RFC5705 when the context field is used.
Initial patch by Rick van Rein.
2015-07-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi: doc update: explain more about PKCS #11 and
2015-07-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: configure: print the trousers lib only when set
2015-07-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign
2015-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/tpm.c: Deinitialize the TPM subsystem
only when trousers support is enabled
2015-07-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
lib/gnutls_global.c, lib/gnutls_global.h,
lib/includes/gnutls/gnutls.h.in, lib/tpm.c: TPM: don't link to
trousers, use dlopen()
That introduces --with-trousers-lib which can be used to specify the
library to dlopen(). Resolves #18
2015-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
auto-generated files
2015-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2015-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h: pkcs11: mention the version
GNUTLS_PKCS11_TOKEN_MODNAME is available from
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
2015-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/pskself.c: tests: updated pskself to check the hint in all
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: be more compact in token URL printing
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: group the provided options for
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: keep backwards
compatibility by introducing --list-token-urls
That is, the output of --list-tokens remains the same.
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: print the module name of a token in verbose
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_write.c, lib/pkcs11x.c: Added GNUTLS_PKCS11_TOKEN_MODNAME
for gnutls_pkcs11_token_get_info
That allows obtaining the shared module name of a token URL.
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h: pkcs11.h: doc update
2015-07-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: less verbose output
in --list-tokens unless --verbose is specified
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suppressions.valgrind: tests: added suppression for bash mem
2015-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am:
tests: don't run certtool-utf8 when libidn is 1.30 or less
This avoids test suite failures due to libidn.
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/cli-args.def: gnutls-cli: doc update
2015-07-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad
Reported by Hannes Mehnert.
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* gl/m4/valgrind-tests.m4: gl: use /bin/true to run valgrind during
configure
Bash has memory leaks, which prevents the valgrind check from operating
using the SHELL variable.
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/certtool-utf8:
tests: added check for invalid UTF8 encoded string
2015-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac: Revert "libidn support is disabled by default"
This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.
2015-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* : commit d63c088edd15f20318b396f2298744cbf9e1a392 Author: Daniel
Kahn Gillmor <dkg@fifthhorseman.net> Date: Thu Jul 2 14:28:32 2015
2015-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
public key should depend on P not Y
That allows doing the proper evaluation to check certificate
strength. Reported by Hubert Kario.
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/dsa/Makefile.am, tests/dsa/dsa-pubkey-1018.pem,
tests/dsa/testdsa: tests: check whether we print the prime size in
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: simplified
gnutls_x509_name_constraints_check_crt()
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
tests/cert-tests/name-constraints-ip.pem: tests: verify that
unsupported name constraints are properly handled
2015-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: don't reject
certificates if a CA has the URI or IPADDRESS constraints
Don't reject certificates if a CA has the URI or IPADDRESS
constraints, and the end certificate doesn't have an IPaddress name
2015-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/ms.po.in: Sync with TP.
2015-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: libidn support is disabled by default
That is until the issues with libidn get resolved. Relates #10
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/atfork.c: tests: added a test for the
fork detection interface
2015-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume-dtls.c: tests: resume-dtls: increased timeouts
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, lib/atfork.c, lib/atfork.h: Don't use
pthread_atfork(), it is not safe to use with dlopen()
http://austingroupbugs.net/view.php?id=851
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.c, lib/atfork.h: atfork: added underscore to
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/atfork.c, lib/atfork.h, lib/nettle/rnd-fips.c,
lib/nettle/rnd.c, lib/pkcs11.c: simplified fork detection
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: enhanced header matching code for private keys
to skip unrelated data
2015-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/privkey-import,
tests/cert-tests/privkey1.pem, tests/cert-tests/privkey2.pem,
tests/cert-tests/privkey3.pem: tests: added private key import
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import: optimized private
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
when provided with an unencrypted file
That is, it will attempt to decode it first as plain file prior to
trying all encrypted options.
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/key-openssl.c: tests: added check to verify that
gnutls_x509_privkey_import2 works for plain keys
That is, when a password is provided and the key is non-encrypted.
2015-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
release any data on failure
Resolves #15
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test,
tests/dsa/testdsa, tests/dtls/dtls, tests/dtls/dtls-nb,
tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
tests/nist-pkits/gnutls_test_entry, tests/nist-pkits/pkits_crl,
tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test,
tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
tests/sha2/sha2-dsa, tests/slow/override-ciphers,
tests/slow/test-ciphers, tests/suite/certs/create-chain.sh,
tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
tests/suite/invalid-cert, tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
tests/suite/testdane, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
tests/suite/testrng, tests/suite/testsrn, tests/userid/userid:
tests: tab indent + minor style changes
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh: tests: modified
test-ciphersuite-names to work with cpp 5.1.1
2015-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/test-ciphersuite-names: tests: test-ciphersuite-names:
create any needed dirs
2015-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/test-ciphersuite-names: tests: moved
test-ciphersuites.sh one level up
That simplifies running the script outside make check.
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh: tests: suite:
ciphersuite: fixups
fix separate builddir issue, without modifying locations, quite
ugly. re-indent using tab. fix shebang.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat-openssl,
tests/suite/testcompat-polarssl: tests: enforce UTC timezone in
datefudge tests
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test,
tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
tests/openpgp-certs/testselfsigs: tests: misc: shell cleanup leftovers
minor sync.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* configure.ac, tests/suite/certs/create-chain.sh,
tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
tests/suite/invalid-cert, tests/suite/testcompat-common,
tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl,
tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
tests/suite/testdane, tests/suite/testpkcs11,
tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
tests/suite/testrng, tests/suite/testsrn: tests: suite: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests. Fix separate builddir issues.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-21 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
tests/sha2/sha2-dsa, tests/slow/override-ciphers,
tests/slow/test-ciphers, tests/userid/userid: tests: misc: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup indentation to be consistent with other tests.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: tests: fixed includes
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/gnutls_global.c, lib/gnutls_str.h, lib/x509/ocsp_output.c: move
all gettext definitions in gnutls_str.h
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.4.2
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h: gnutls_str: include gettext.h when dgettext is
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls-fork.c, tests/mini-dtls-mtu.c,
tests/mini-dtls-pthread.c, tests/mini-dtls-record-asym.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/pkcs12_simple.c,
tests/rsa-encrypt-decrypt.c, tests/utils.c, tests/utils.h,
tests/x509sign-verify.c, tests/x509sign-verify2.c: tests: don't
depend on gnulib
That dependency unfortunately causes many portability problems on
platforms where it should have worked out of the box.
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/cpuid-x86.pl, doc/scripts/cleanup-autogen.pl,
doc/scripts/gdoc, doc/scripts/getfuncs-map.pl,
doc/scripts/getfuncs.pl, doc/scripts/sort1.pl,
doc/scripts/sort2.pl, doc/scripts/split-texi.pl,
doc/scripts/split.pl, tests/nist-pkits/build-chain: use the same
2015-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/certtool: tests: added a verify-chain test case
2015-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/scripts/common.sh: tests: don't quote provider in common.sh
That caused testpkcs11 to fail.
2015-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-alignment.c: tests: don't enforce alignment rules for
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/aki, tests/cert-tests/certtool,
tests/cert-tests/crq, tests/cert-tests/dane,
tests/cert-tests/email, tests/cert-tests/invalid-sig,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
tests/cert-tests/pkcs7, tests/cert-tests/template-test: tests:
cert-tests: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* .gitlab-ci.yml: Added gitlab-ci.yml
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: reduced the exported functions to the minimum
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c: _gnutls_ext_register was made static
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: libgnutls.map: use a 3.4 related name for
private functions
This eliminates any collisions with functions from 3.3.x
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test: tests:
nist-pkits: cleanup shell/perl usage
Add quotes for most usages of variables. Added ${} for variables. Consistent indent.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am: tests: force link with nettle of mini-alignment
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/oids.c: tests: Check the OID functions
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ecc.c, lib/algorithms/mac.c,
lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/gnutls_pk.c,
lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/x509/common.c, lib/x509/crl.c,
lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
lib/x509/ocsp.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c: Exported functions to convert from and to
2015-06-18 Saurav Babu <saurav.babu@samsung.com>
* src/cli.c: gnutls-cli: Fixed Possible Memory Leak
This patch fixes possible memory leak in psk_callback() function,
rawkey is allocated memory by gnutls_malloc() and is not freed when
gnutls_hex_decode() returns with error
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: corrected write_signer_id() when
GNUTLS_PKCS7_WRITE_SPKI was used
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs:
tests: openpgp-certs: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests:
cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/ecdsa/ecdsa: tests: ecdsa: cleanup shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/dsa/testdsa, tests/scripts/common.sh: tests: dsa: cleanup
shell usage
Add quotes for most usages of variables. Added ${} for variables. Cleanup trailing spaces. Removal of unneeded ';'. Minor fix in tests/scripts/common.sh at trap to pass message and
avoid killing.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_mbuffers.c: indentation fix
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_int.h: Always align in 16-byte boundary our input to
crypto
That allows faster operations in almost all instruction sets.
2015-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-alignment.c: tests: added check for
2015-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: only run test with long
dates in 64-bit systems
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: tests: regenerate the results in
template-test using UTC times
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c: ensure that gnutls_pubkey_verify_data2
returns 0 on success
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c:
Added gnutls_pkcs7_get_signature_count
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/suite/Makefile.am: tests: suite: run testpkcs11 if PKCS#11
is enabled
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-17 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/nist-pkits/gnutls_test_entry,
tests/suite/certs/create-chain.sh: tests: remove bash usage
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
tests/cert-tests/template-dn.pem,
tests/cert-tests/template-generalized.pem,
tests/cert-tests/template-generalized.tmpl,
tests/cert-tests/template-nc.pem,
tests/cert-tests/template-overflow.pem,
tests/cert-tests/template-overflow2.pem,
tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
tests/cert-tests/template-utf8.pem: tests: verify that we generate
dates with UTCTime prior to 2050
Also that we generate dates with GeneralizedTime format after 2050.
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1
structure follow the RFC5280 recommendations
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c: Set time in PKCS #7 structures properly (in
2015-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-06-16 Alon Bar-Lev <alon.barlev@gmail.com>
* tests/cert-tests/pkcs7: tests: cert-tests: pkcs7: support separate
builddir
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: account new symbols
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated
makefiles for the new functions
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/Makefile.am, lib/x509/pkcs7-output.c,
lib/x509/pkcs7_output.c: use common base for pkcs7 files
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/libgnutls.map: added missing symbol
2015-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.4.2
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7:
certtool: made explicit the inclusion of time in PKCS #7 signatures
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7:
write the DER encoded time
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: include the signature time in PKCS #7
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: corrected usage of
GNUTLS_PKCS7_INCLUDE_TIME flag
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out:
tests: minor updates in pkcs7 output checks to match new certtool
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: use gnutls_pkcs7_print() - partially
2015-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c:
Added gnutls_pkcs7_print()
2015-06-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, m4/hooks.m4: bumped version
2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/x509sign-verify2.c: tests: added
signature/verification stress test
2015-06-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testcompat-main-openssl,
tests/suite/testcompat-main-polarssl: tests: check also individual
ciphers for interoperability
2015-06-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: better debug messages when verifying MAC
2015-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/tpmtool.c: tpmtool: added newline in error messages
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/rng-fork.c: tests: check random generator for long outputs
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is
setup do not perform integrity tests
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the
required context not all
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
the reseed and generate function
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
enforce the max_number_of_bits_per_request
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7,
tests/cert-tests/single-ca.p7b.out: tests: do not include times in
the PKCS #7 checks as they depend on local timezone
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7.c: pkcs7: addressed memory leaks
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/pkcs7-attrs.c: doc update
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7
attribute generation check
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out:
tests: updated for new certtool output
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: print signed and unsigned PKCS #7
2015-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
2779 lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c,
2780 lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set
2783 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2785 * tests/cert-tests/pkcs7: tests: added PKCS #7 verification check
2788 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2790 * lib/gnutls_errors.c, lib/gnutls_pubkey.c,
2791 lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
2792 lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use
2793 the same flags in all verification functions
2795 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2797 * lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks
2799 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2801 * lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h:
2802 Initialization of gnutls_x509_dn_t was modified to allow
2803 deinitialization after failure. Part2: made gnutls_x509_crt_get_subject() and
2804 gnutls_x509_crt_get_issuer() return a constant value and avoid
2807 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2809 * doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc:
2810 Separated the PKCS #7 in manual
2812 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2816 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2818 * tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature
2821 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2823 * tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out,
2824 tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation
2826 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2828 * src/certtool-args.def, src/certtool-common.c,
2829 src/certtool-common.h, src/certtool.c: certtool: added
2830 --p7-generate, --p7-sign and --p7-detached-sign
2832 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2834 * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
2835 lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign()
2837 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2839 * lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c:
2840 Added gnutls_pkcs7_get_crl_raw2
2842 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2844 * src/certtool.c: certtool: print the signing time when available
2846 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2848 * lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c:
2849 pkcs7 verification: parse the signing time
2851 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2853 * lib/x509/pkcs7.c: on PKCS #7 verification check that the content
2854 type matches the signed data
2856 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2858 * src/certtool.c: certtool: print more info about the PKCS #7 struct
2860 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2862 * src/certtool-args.def, src/certtool-common.c, src/certtool.c:
2863 certtool: allow verification against a direct PKCS #7 signer
2865 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2867 * tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
2868 tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS
2871 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2873 * lib/x509/pkcs7.c: pkcs7 verification: return
2874 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data
2877 2015-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2879 * src/certtool-args.def, src/certtool-common.h, src/certtool.c:
2880 certtool: allow verifying PKCS #7 with detached data
2882 2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2884 * src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7
2887 2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2889 * tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7
2892 2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2894 * tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out,
2895 tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1
2898 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2900 * src/certtool-args.def, src/certtool-common.h, src/certtool.c:
2901 certtool: allow verification of PKCS #7 structures
2903 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2905 * lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
2906 lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to
2907 allow deinitialization after failure
2909 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2911 * lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h,
2912 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
2913 lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7
2914 signature(s) verification
2916 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2918 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
2919 lib/x509/verify-high.c: Added
2920 gnutls_pkcs11_get_raw_issuer_by_subject_key_id and
2921 gnutls_x509_trust_list_get_issuer_by_subject_key_id
2923 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2925 * tests/dn.c: tests: added check for gnutls_x509_dn_get_str
2927 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2929 * lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str
2931 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2933 * lib/gnutls_privkey.c: doc update
2935 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2937 * lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
2938 lib/x509/privkey.c, lib/x509/x509.c: Added
2939 gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()
2941 2015-06-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
2943 * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS
2946 2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2948 * lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to
2951 2015-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2953 * lib/pkcs11.c: When manual PKCS #11 configuration is requested
2954 don't initialize other providers
2956 2015-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2958 * src/certtool.c: certtool: deinitialize PKCS #7 resources
2960 2015-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2962 * tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
2963 tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7
2966 2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2968 * gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
2969 gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
2970 gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
2971 gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
2972 gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
2973 gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
2974 src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
2975 src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert
2976 "updated gnulib". This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.
2978 2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2980 * configure.ac: silence format-signness warnings in gcc5
2982 2015-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
2984 * gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
2985 gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
2986 gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
2987 gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
2988 gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
2989 gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
2990 src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
2991 src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated
2994 2015-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2996 * lib/x509/ocsp_output.c: Check the OID size for match when
2997 comparing for the OCSP nonce extension. Reported by Hanno Böck.
2999 2015-05-23 Armin Burgmeier <armin@arbur.net>
3001 * lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
3002 used. Before, the number of bits of a zero-length number was attempted to
3003 be extracted, resulting in an error. The changed behaviour is
3004 consistent with the documentation which explicitly states that 0
3005 should be returned if no DH key exchange was performed.
3007 2015-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3009 * lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
3010 include a leading zero
3012 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3014 * lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
3015 the DH max prime size with 1007 bits or less
3017 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3019 * lib/verify-tofu.c: cleanup unused variable
3021 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3023 * lib/verify-tofu.c: corrected allocation check
3025 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3027 * lib/pkcs11.c: removed useless check
3029 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3031 * lib/gnutls_pubkey.c: document intentional fallthrough in switch
3033 2015-05-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3035 * lib/ext/ecc.c: ecc ext: check return code of
3036 _gnutls_buffer_append_data
3038 2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3040 * tests/no-signal.c: tests: enhance the no-signal check to include
3043 2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3047 2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3049 * tests/Makefile.am, tests/no-signal.c: tests: check the operation
3052 2015-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3054 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
3055 lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send
3056 functions. That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which
3057 is available in systems that support the MSG_NOSIGNAL flag to
3058 send(). That eases the usage of the library within other libraries.
3061 2015-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3063 * lib/accelerated/x86/aes-gcm-x86-pclmul.c,
3064 lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when
3067 2015-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
3069 * src/serv.c: gnutls-serv: send alert when wrong data have been
3070 received from client
3072 2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3076 2015-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
3078 * lib/nettle/cipher.c: camellia256-gcm: corrected regression. Reported by Manuel Pegourie-Gonnard.
3080 2015-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3082 * lib/gnutls_x509.c: doc update
3084 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3086 * doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib:
3087 doc: added section about subject alternative names
3089 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3091 * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
3092 lib/gnutls_int.h: handshake_start_time was moved out of the
3093 DTLS-specific variables
3095 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3097 * lib/gnutls_handshake.c: apply default timeout for DTLS in
3098 gnutls_handshake_set_timeout
3100 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3102 * tests/hostname-check.c: tests: do not perform internationalized
3103 name checks without libidn
3105 2015-05-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
3107 * tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
3110 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3112 * tests/mini-loss-time.c: tests: eliminate mem leaks in
3115 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3117 * tests/suite/testdane: tests: testdane: remove dane.nox.su from the
3118 list of known to be good hosts
3120 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3124 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3126 * tests/mini-loss-time.c: tests: mini-loss-time enhanced to check
3127 proper timeouts in both client and server
3129 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3131 * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
3132 lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and
3133 TLS handshake. That also makes the waits for packets more robust against blocking.
3135 2015-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
3137 * lib/includes/gnutls/compat.h: define
3138 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
3140 2015-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3142 * doc/cha-tokens.texi: doc: updated text to account for pkcs11-url
3145 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3147 * tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows
3149 2015-05-04 Jaak Ristioja <jaak.ristioja@cyber.ee>
3151 * doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat
3154 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3156 * cross.mk: cross.mk: updated for 3.4.1
3158 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3160 * devel/abi3.4.xml: updated abi base for 3.4
3162 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3164 * NEWS: NEWS: updated
3166 2015-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3168 * NEWS, configure.ac, m4/hooks.m4: released 3.4.1
3170 2015-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3172 * lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts
3174 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3176 * doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
3179 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3181 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use
3182 macro for DTLS default timeout
3184 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3186 * lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
3189 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3193 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3195 * lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for
3196 gnutls_transport_set_pull_timeout_function
3198 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3200 * doc/cha-gtls-app.texi: doc: updated async operation text
3202 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3204 * lib/gnutls_handshake.c, lib/gnutls_state.c: disable default
3205 handshake timeout. It caused issues with non-blocking TLS clients and servers which may
3206 not want to block while the pull timeout function waits.
3208 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3210 * tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check
3211 to verify that pull timeout is not called on non-blocking sessions
3213 2015-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
3215 * lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
3216 lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
3217 lib/includes/gnutls/gnutls.h.in, lib/system_override.c:
3218 GNUTLS_NONBLOCK can be used for non-DTLS sessions as well
3220 2015-04-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3222 * lib/system_override.c: doc update
3224 2015-04-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
3226 * lib/algorithms/ciphersuites.c: doc update
3228 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3230 * tests/Makefile.am, tests/keygen.c, tests/slow/Makefile.am,
3231 tests/slow/keygen.c: tests: key generation test was moved to main
3232 checks. This will allow to catch memory leaks with valgrind.
3234 2015-04-28 Jan Vcelak <jan.vcelak@nic.cz>
3236 * lib/nettle/pk.c: fix memory leak in ECDSA key parameters
3237 verification. Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
3239 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3241 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
3244 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3248 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3250 * lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
3251 name constraints with leading dot. Patch by Fotis Loukos. Resolves 3. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
3253 2015-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
3255 * doc/cha-upgrade.texi: doc update
3257 2015-04-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3259 * lib/pkcs11.c: updated text for gnutls_pkcs11_init
3261 2015-04-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
3263 * doc/cha-tokens.texi: updated pkcs11 loading documentation
3265 2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3267 * tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer
3269 2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3271 * tests/sign-md5-rep.c: tests: added comment for sign-md5-rep
3273 2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3275 * .gitignore: more files to ignore
3277 2015-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3279 * po/fr.po.in: Sync with TP.
3281 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3285 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3287 * tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
3288 for the MD5 acceptance issue. Reported by Karthikeyan Bhargavan.
3290 http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
3292 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3294 * lib/ext/signature.c: before falling back to SHA1 as signature
3295 algorithm in TLS 1.2 check if it is enabled
3297 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3299 * lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
3300 consider any values from the extension data to decide acceptable
3303 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3307 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3309 * tests/mini-x509-cert-callback.c: tests: added unit tests for
3310 gnutls_certificate_client_get_request_status
3312 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3314 * lib/auth/cert.c: set the value used by
3315 gnutls_certificate_client_get_request_status prior to selecting
3316 certificate. That allows gnutls_certificate_client_get_request_status() to be
3317 properly operating from the callback. Reported by Anton Lavrentiev.
3319 2015-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3321 * lib/gnutls_cert.c: updated doc for retrieve function
3323 2015-04-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
3325 * doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL
3326 references to rfc7512
3328 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3330 * lib/gnutls_cert.c: doc update
3332 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3334 * tests/x509self.c: tests: added check for gnutls_credentials_get
3336 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3338 * lib/gnutls_auth.c, lib/gnutls_cert.c: doc update
3340 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3342 * lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev
3344 2015-04-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
3346 * doc/cha-upgrade.texi: doc: corrected typo
3348 2015-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3350 * tests/resume-dtls.c: tests: resume-dtls: remove global variables
3352 2015-04-21 Andreas Metzler <ametzler@bebt.de>
3354 * doc/cha-gtls-app.texi: List all certificate type priority strings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3356 2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3358 * lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA
3359 decryption. Suggested by Nimrod Aviram.
3361 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3363 * tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c,
3364 tests/mini-key-material.c, tests/mini-loss-time.c,
3365 tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests:
3366 initialize status where needed
3368 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3370 * tests/openpgp-auth2.c: tests: cleanup openpgp-auth2
3372 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3374 * tests/mini-dtls-rehandshake.c: tests: cleanup
3375 mini-dtls-rehandshake
3377 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3379 * tests/resume-dtls.c, tests/resume.c: tests: resume: check for
3382 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3386 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3390 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3392 * tests/certificate_set_x509_crl.c, tests/mini-record-range.c,
3393 tests/mini-x509-callbacks.c, tests/openpgp-auth2.c,
3394 tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler
3397 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3399 * tests/mini-x509.c: tests: verify the return value of
3400 gnutls_certificate_get_ours when no cert is sent
3402 2015-04-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
3404 * tests/resume-dtls.c, tests/resume.c: tests: close unused file
3405 descriptors in resume checks
3407 2015-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3409 * configure.ac, src/Makefile.am: libopts: fixed the reading of the
3410 --enable-local-libopts flag
3412 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3414 * src/cli.c, src/common.c, src/common.h: gnutls-cli: when no
3415 certificate is sent, notify the user
3417 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3419 * tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added
3420 check with X.509 certificates and callbacks. That corresponds to functionality checked in openpgp-callback.c
3422 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3424 * tests/openpgp-callback.c: tests: added check for
3425 gnutls_certificate_get_ours() when used in combination with
3428 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3430 * tests/x509dn.c: tests: improved x509dn check
3432 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3434 * lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
3435 certificate even if a callback was used. This corrects a bug where this function would not work, when
3436 gnutls_certificate_set_retrieve_function2() was used.
3438 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3440 * src/cli-args.def: gnutls-cli: when a certificate is specified
3441 require the corresponding private key
3443 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3445 * lib/x509/x509.c: ensure that the X.509 version number is one byte
3448 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3450 * lib/x509/x509.c: Check for invalid length in the X.509 version
3451 field. If such an invalid length is detected, reject the certificate.
3452 Reported by Hanno Böck.
3454 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3456 * lib/x509/ocsp.c: ocsp: initialize certs to NULL
3458 2015-04-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
3460 * src/serv.c: gnutls-serv: print when the peer's certificate is not
3463 2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3465 * po/fr.po.in: Sync with TP.
3467 2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
3469 * lib/system-keys-win.c: ncrypt.h lacks some defines with some
3470 versions of MinGW. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3472 2015-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3474 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
3475 auto-generated files
3477 2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
3479 * lib/system-keys-win.c: Fix a preprocessor warning about mismatched
3480 quotes. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3482 2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
3484 * lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with
3485 some MinGW versions ncrypt.h checks this define to be at least
3486 0x600. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3488 2015-04-18 Tim Kosse <tim.kosse@filezilla-project.org>
3490 * lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h
3491 before gnutls.h, otherwise undefined external references to
3492 gnutls_free and gnutls_strdup are the result when statically linking
3493 against GnuTLS built by MinGW. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
3495 2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3497 * src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers
3498 tested with the old API. That prevents a crash of the benchmark. Reported by James Cloos.
3500 2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3502 * lib/gnutls_cipher_int.c: refuse to use the old cipher API with
3505 2015-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3507 * tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c:
3508 tests: ignore sigpipe in resume and termination tests
3510 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3512 * doc/cha-internals.texi: doc: added error check in example
3514 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3516 * doc/cha-internals.texi: doc update
3518 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3520 * doc/cha-internals.texi: doc: removed stray @end
3522 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3524 * lib/gnutls_pubkey.c: doc update
3526 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3528 * NEWS, lib/x509/x509.c: doc update
3530 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3532 * lib/x509/output.c: x509: when printing the keyid of a certificate
3533 use the curve name for randomart
3535 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3537 * lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on
3538 gnutls_pubkey_export_*
3540 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3542 * lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null
3545 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3547 * lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
3548 lib/libgnutls.map, lib/x509/x509.c: Added
3549 gnutls_x509_crt_get_pk_ecc_raw()
3551 2015-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3553 * lib/extras/randomart.c: randomart: corrected usage of snprintf
3555 2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3557 * src/certtool.c: certtool: when generating an ECDSA key use the
3558 curve name in random art
3560 2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3562 * lib/extras/randomart.c: randomart: only print key size if it is
3565 2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3567 * cross.mk: cross.mk: updated for 3.4.0
3569 2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3571 * tests/utils.c: Remove SOCK_CLOEXEC from socket() call. That allows compilation in systems where this flag doesn't exist.
3574 2015-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3576 * doc/cha-gtls-app.texi: document the recommended re-handshake
3579 2015-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3581 * doc/manpages/Makefile.am: remove duplicate entries from manpages
3584 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3588 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3590 * tests/cert-tests/certtool: tests: enhanced cert tests with SHA256
3593 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3595 * src/certtool.c: certtool: modified to allow different key ID
3598 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3600 * lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
3601 lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
3602 lib/x509/x509.c: Added flags which modify the algorithm used for key
3605 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3607 * src/certtool-args.def: doc update
3609 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3611 * lib/gnutls_record.c: doc update
3613 2015-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
3615 * lib/gnutls_record.c: gnutls_record_discard_queued() is both for
3618 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3620 * doc/cha-internals.texi: document the new crypto register functions
3622 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3624 * src/cli-args.def: doc update
3626 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3628 * doc/cha-tokens.texi: doc: avoid spaces in showfunc
3630 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3632 * tests/slow/Makefile.am: tests: added files into dist
3634 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3636 * m4/hooks.m4: configure: ask for nettle 3.1
3638 2015-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3640 * NEWS: released 3.4.0
3642 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3644 * src/cli-args.def: gnutls-cli: document the method to override the
3647 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3649 * lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM
3652 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3654 * lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni
3656 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3658 * tests/suite/testcompat-main-polarssl: tests: test CCM-8 against
3661 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3663 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test
3666 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3668 * README.md: doc: added 'git submodule update' to clone steps
3670 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3672 * NEWS, doc/announce.txt: doc update
3674 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3676 * doc/announce.txt: doc update
3678 2015-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
3680 * lib/crypto-backend.c: removed unused functions
3682 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3684 * lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback
3685 to setkey in addition to init
3687 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3689 * lib/crypto-backend.c: doc update
3691 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3693 * tests/slow/Makefile.am, tests/slow/cipher-override2.c,
3694 tests/slow/override-ciphers: tests: verify the behavior of
3695 GNUTLS_E_NEED_FALLBACK
3697 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3699 * lib/crypto-backend.c, lib/gnutls_cipher_int.c,
3700 lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK
3701 to allow falling back from registered ciphers. That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls
3702 should proceed with the default algorithms.
3704 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3706 * lib/algorithms/ciphersuites.c: ciphersuites: moved CCM
3707 ciphersuites in the appropriate ifdefs
3709 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3711 * tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test
3712 will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different
3715 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3717 * doc/cha-intro-tls.texi: document CCM and CCM-8
3719 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3723 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3725 * tests/mini-record-2.c, tests/mini-record-failure.c,
3726 tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite
3729 2015-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
3731 * lib/accelerated/x86/aes-ccm-x86-aesni.c,
3732 lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c,
3733 lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in,
3734 lib/nettle/cipher.c: Added CCM-8 ciphersuites
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/announce.txt: updated announce text
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* symbols.last: symbols: added the new supplemental functions
2015-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2015-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: tests: delay tests that depend on
timing when they fail
That often prevents failures on busy systems.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no
longer true for all ciphers
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: simplified calc_enc_length_stream
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-supplementaldata.c: tests: updated supplemental API
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c: gnutls_ext_register will fail on double
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
gnutls_supplemental_register will fail on double registration
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, symbols.last: symbols: added new exported functions
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am,
doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: libgnutls.map: remove
gnutls_record_set_max_empty_records
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: account for the renamed
gnutls_supplemental_recv/send
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: document the export supplemental data API
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send
Also added the gnutls_ prefix to new types.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added
documentation for gnutls_do_send/recv_supplemental
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi, lib/auth/srp_sb64.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were
renamed to xxx2
That brings them on par with the rest of the allocation functions.
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to
set the appropriate flags
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in:
cleanups in supplemental data support
2015-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c: DH: do not warn on zero q_bits
2015-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: NEWS: rearrange entries
2015-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c: certtool: certtool --generate-dh-params
will account for --outder
Resolves #5
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite
numbers correspond to the latest draft
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: improved output message
2015-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: removed unnecessary warning
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-tokens.texi, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/compat.h: doc update: account for new functions
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: better output text
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added
GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY
Also enforce the expected flags despite any given flags in the URL.
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: added the --test-sign parameter
That allows to check an existing key for signing/verification.
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map:
gnutls_priv/pubkey_import_url replace:
gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: corrected import of pubkey in DER format
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c,
lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if
we have CBC ciphersuites
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro
over gnutls_privkey_sign_hash
2015-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509sign-verify.c: tests: added check for the legacy
gnutls_privkey_sign_raw_data
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: avoid compilation warnings in self checks
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: Revert "selftests: avoid compilation
warnings"
This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
copy/generation is correct
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
p11tool: allow setting the CKA_ID on object
initialization/generation
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: exported new functions
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
enhanced key generation functions to allow specifying a CKA_ID
2015-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: selftests: avoid compilation warnings
2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
functions to allow specifying a CKA_ID
2015-03-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suppressions.valgrind: tests: added more libidn-related
valgrind suppressions
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/texinfo.css: doc: increase border spacing in HTML tables
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: manpages: automatically adjust the
copyright year on generated pages
2015-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-server-name.c: tests: added check
for gnutls_server_name_get and gnutls_server_name_set
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: corrected
GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305
2015-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/scan-gnutls.sh: updated
test-ciphersuite.sh for new types
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: Better fix for the double free in dist point
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: moved chacha20-poly1305
ciphersuites to the 0xCD space
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update: replace cryptographic algorithm by
encryption algorithm
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
gnutls_x509_aki_set_cert_issuer will set null-terminated strings
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* lib/crypto-api.c: doc: be consistent in the function descriptions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* lib/crypto-api.c: doc: correct the description of crypto API
functions
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-27 Jiří Klimeš <jklimes@redhat.com>
* doc/examples/ex-client-x509.c, lib/ext/server_name.c,
lib/x509/output.c: Fix a few compiler warnings about unused
variables [-Wunused-variable]
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added
chacha-poly1305 into benchmarks
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: when calculating record overhead account for
chacha20 which doesn't send the nonce on the wire
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c, tests/mini-record.c: tests: include
chacha20 into transfer tests
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added
the CHACHA20-POLY1305 ciphersuites (with random IDs)
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/crypto-selftests.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added
chacha20-poly1305 as cipher
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-retvals.c: tests: check retvals in block ciphers
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
send data size
That reduced the maximum send size for CBC ciphers from 16384 to
16384-(block size), which was unnecessary and was causing issues:
https://bugs.winehq.org/show_bug.cgi?id=37500
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in:
gnutls_record_set_max_empty_records: removed
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
points
Reported by Robert Święcki.
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: Added a tight loop around the legacy push
function
That reduces the need for more expensive outer loops. Originally
suggested by Anton Lavrentiev.
2015-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4,
src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4,
src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def: p11tool: more precise documentation of
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: depend on nettle 3.1 or later
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/email: tests: updated email check for renamed
--verify-email option
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
the size of ck_attributes
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
CKA_ID on key generation
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool.c: p11tool: reduced debugging output
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: --purpose,
--hostname were renamed to --verify-purpose, --verify-hostname
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign
and --mark-no-decrypt options
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being
signable or decryptable
That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during
generation or write of keys.
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
when writing a private key
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c: tests: cleanups in resume-dtls
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/server_name.c: ext: server_name: move name length check
prior to IDN conversion
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/ext/server_name.c: When an application calls
gnutls_server_name_set() with a name of zero size disable the
extension
Resolves #2
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check
CN for match only if certificate would have been acceptable for
GNUTLS_KP_TLS_WWW_SERVER
2015-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: Apply DNS name constraints on CN
field only on certificates acceptable for TLS WWW SERVER purpose
Suggested by Fotis Loukos.
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-loss-time.c: tests: mini-loss-time is less prone to
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/suppressions.valgrind: tests: added valgrind
suppressions in cert-tests for libidn
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool.c: certtool: eliminated memory leaks on verification
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/cert-tests/Makefile.am, tests/cert-tests/email,
tests/cert-tests/email-certs/chain.exclude.test.example.com,
tests/cert-tests/email-certs/chain.invalid.example.com,
tests/cert-tests/email-certs/chain.test.example.com,
tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added
email verification tests with certtool
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/certtool-args.def, src/certtool.c: certtool: added the --email
option, to use in verification
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
lib/libgnutls.map, lib/openpgp/compat.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
lib/x509/Makefile.am, lib/x509/email-verify.c,
lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(),
gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/test-chains.h: tests: verify that we accept a certificate
with no name even if its CA has nameconstraints
2015-03-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/name_constraints.c: name constraints: when no name of the
type is found, accept the certificate
This follows RFC5280 advice closely. Reported by Fotis Loukos.
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/resume-dtls.c: tests: increase the timeout in resume-dtls
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when
raw.data is NULL and we have a public key
2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: pkcs11: simplified export of objects
That also allows to export public keys, even when a CKA_VALUE with
the public key is not present. For that we use the key parameters,
which we encode into a key. Issue reported by Frank Leavis.
4298 * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
4299 build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
4300 build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
4301 build-aux/useless-if-before-free, build-aux/vc-list-files,
4302 doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4,
4303 gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4,
4304 gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4,
4305 gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am,
4306 gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c,
4307 gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module
4309 2015-03-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
4311 * lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop
4312 support for gnulib's u64
4314 2015-03-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4316 * tests/suite/testcompat-main-openssl: tests: check legacy RC4 in
4317 testcompat That would prevent losing compatibility without detecting it. That
4318 is currently the case since it is no longer enabled by default.
4320 2015-03-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
4322 * tests/Makefile.am, tests/mini-record-retvals.c: tests: added check
4323 to verify the correctness of the record function return values
4325 2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4327 * src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable
4328 compilation with all options disabled
4330 2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4332 * lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with
4333 several options disabled
4335 2015-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4339 2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4341 * lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c,
4342 lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid
4343 mentioning pointers when not needed
4345 2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4347 * configure.ac: increase the maximum stack frame the compiler will
4350 2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
4352 * lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c,
4353 lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
4354 lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
4355 lib/ext/server_name.c, lib/ext/session_ticket.c,
4356 lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c,
4357 lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
4358 lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c,
4359 lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
4360 lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
4361 lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
4362 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c,
4363 lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c,
4364 lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c,
4365 lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
4366 lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
4367 lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c,
4368 lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c,
4369 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
4370 lib/x509/hostname-verify.c, lib/x509/name_constraints.c,
4371 lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c,
4372 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
4373 lib/x509/privkey.c, lib/x509/privkey_openssl.c,
4374 lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c,
4375 lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c,
4376 lib/x509/x509_write.c: doc: avoid using structure for opaque types
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-extension.c: tests: include gnutls_ext_s/get_data into
tests of mini-extension
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_extensions.c: updated documentation on non-return value
of gnutls_ext_set_data
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS
2015-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c,
lib/ext/heartbeat.c, lib/ext/max_record.c,
lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c,
lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added
gnutls_ext_set_data() and gnutls_ext_get_data()
As a side effect the type which holds private data was reduced from
union to void * pointer. That simplifies the exported API without
reducing the options in the internal API.
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be
DTLS0.9
That allows standard DTLS ciphersuites to be used with DTLS0.9
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-extension.c: tests: updated mini-extension
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: mention the new functionality briefly in
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that
the registration functions are not thread safe
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: deinitialize supplemental data on deinit
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed
unused epoch change callback
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c, lib/gnutls_supplemental.c,
lib/gnutls_supplemental.h: deinitialize supplemental data on deinit
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h,
lib/gnutls_supplemental.c: added documentation for the new functions
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-supplementaldata.c: tests: remove warnings in
mini-supplementaldata.c
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c:
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c:
Added a way to add custom supplemental data from public API.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* tests/mini-extension.c: Fixed extension test.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in,
tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st
2015-03-19 Thierry Quemerais <tquemerais@awox.com>
* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
tests/mini-extension.c: Added a way to add custom extensions from
public API.
Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
2015-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h:
gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h
2015-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/Makefile.am: tests: link cipher tests directly with
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: mini-dtls-record: increase
timeouts to avoid failure of test due to slow system
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: mini-dtls-record: removed the
need for 64-bit number
2015-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-record.c: tests: increase verbosity of
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-crypto.texi: document the cipher override API
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/mac-override.c,
tests/slow/override-ciphers: added test suite for overridden digests
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c,
lib/crypto-backend.c, lib/crypto-backend.h,
lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to
register MAC and digest algorithms.
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/slow/Makefile.am, tests/slow/cipher-override.c,
tests/slow/override-ciphers: added test suite for overridden ciphers
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/x86/x86-common.c, lib/crypto-backend.c,
lib/crypto-backend.h, lib/includes/gnutls/crypto.h,
lib/libgnutls.map: Added API to register AEAD and legacy ciphers.
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_global.c: Added environment variable which can override
automatic global initialization
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c, lib/crypto-backend.h: removed unused
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
* m4/hooks.m4: configure: fail compilation if the minimum required
libtasn1 is not present
2015-03-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/long-session-id.c: tests: long-session-id uses the test
2015-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to
draft-pechanec-pkcs11uri-21
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/mini-dtls-record.c: tests: fixed shadowed variable in
2015-03-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/long-session-id.c, tests/mini-dtls-fork.c,
tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c,
tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests:
use nanosleep for sleeping
2015-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: README-alpha: move valgrind to testing tools
2015-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README.md: updated README-alpha
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_supplemental.c: Fixed handling of supplemental data
with types > 255. Patch by Thierry Quemerais.
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: doc update
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_priority.c: gnutls_priority_init: document that
priorities can be NULL
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm
2.0.0b1 from being used to test PKCS #11
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/mini-eagain2.c: tests: mini-eagain2: call
gnutls_handshake_set_timeout() at the proper time
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* README.md: added libasan as dependency
2015-03-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-selftests.c: corrected self test for 3DES
2015-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: correctly set the size of type
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: combined the fill for object attributes set
2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: pkcs11: only set ID and label when both size and
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* src/pkcs11.c: p11tool: exit with non-zero reason if no objects are
2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4698 * tests/suite/testpkcs11: tests: added checks for p11tool --set-id
4701 2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4703 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
4704 p11tool: added --set-id and --set-label options
4706 2015-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
4708 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
4709 lib/pkcs11_int.c, lib/pkcs11_int.h: added
4710 gnutls_pkcs11_obj_set_info(). This function allows setting information such as the CKA_ID and the
4711 CKA_LABEL of an object. Resolves #1
4713 2015-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4715 * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
4716 tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1
4718 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4720 * tests/test-chains.h: tests: removed test with invalid DER encoding
4721 in chainverify. These certificates are now rejected earlier.
4723 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4725 * tests/Makefile.am, tests/strict-der.c: tests: added a check for
4726 certificates with invalid DER encodings
4728 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4730 * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
4731 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
4732 lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c,
4733 lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c:
4734 x509: use libtasn1's strict DER decoding rules in network obtained
4737 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4739 * lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3
4741 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4743 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
4744 lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3
4746 2015-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4748 * doc/cha-internals.texi: rearranged internal documentation
4750 2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4752 * src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
4753 src/socket.c: tools: added ftp as a starttls protocol
4755 2015-03-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
4757 * src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
4760 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4762 * doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
4765 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4767 * tests/suite/testcompat-polarssl: tests: do not run polarssl
4770 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4772 * tests/suite/testcompat-common: use common license in all
4775 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4777 * lib/nettle/pk.c: removed unused function
4779 2015-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4781 * doc/TODO: doc update
4783 2015-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4785 * Makefile.am, README-alpha, README.md: README-alpha is README.md on
4786 repository. It contains information for developers.
4788 2015-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4790 * Makefile.am, README, README.md: Revert "auto-generate README from
4791 README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.
4793 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4795 * README.md: cleaned up licensing
4797 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4799 * Makefile.am, README, README.md: auto-generate README from
4802 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4804 * README.md: Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.
4806 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4808 * README.md: added README.md as link to README
4810 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4812 * README, README-alpha, README-alpha.md, README.md: Revert "renamed
4813 README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.
4815 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4817 * README, README-alpha, README-alpha.md, README.md: renamed README
4820 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4822 * README, README-alpha: README: converted to mark-down
4824 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4826 * src/tests.c: gnutls-cli-debug: corrected check of certificate
4829 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4831 * tests/x509cert.c: tests: added small test to verify that
4832 GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert
4834 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4836 * src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
4837 unsupported TLS protocols as soon
4839 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4841 * src/socket.c: cli sockets: check for a digit prior to using atoi
4843 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4845 * src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
4848 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4850 * src/socket.c: gnutls-cli-debug: do not warn multiple times about
4853 2015-03-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
4855 * doc/cha-support.texi: updated documentation on FIPS140-2
4857 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4859 * tests/suite/testcompat-main-openssl,
4860 tests/suite/testcompat-main-polarssl: tests: speed up testcompat
4861 check by removing less important options
4863 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4865 * tests/suite/softhsm.h: tests: updated paths for softhsm detection
4867 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4869 * README-alpha: README: mention nodejs
4871 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4873 * configure.ac: configure: check for /usr/share/dns/root.key as well
4876 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4878 * README-alpha: README: mention dependency on dns-root-data
4880 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4882 * tests/cert-tests/template-test: tests: don't perform the overflow
4883 check in 32-bit systems
4885 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4887 * tests/cert-tests/template-date.pem,
4888 tests/cert-tests/template-date.tmpl: tests: date parsing test was
4889 modified to work in 32-bit systems
4891 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4893 * src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to
4896 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4898 * src/certtool-cfg.c: certtool: exit when there is an overflow in
4901 2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4903 * README-alpha: README: mention that openssl and polarssl will be
4904 used for interop testing
4906 2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4908 * tests/cert-tests/template-test: Revert "tests: increased the
4909 retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.
4911 2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4913 * tests/cert-tests/Makefile.am,
4914 tests/cert-tests/template-basic.pem,
4915 tests/cert-tests/template-basic.tmpl,
4916 tests/cert-tests/template-test: Revert "tests: template-test: added
4917 a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.
4919 2015-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
4921 * tests/cert-tests/Makefile.am,
4922 tests/cert-tests/template-basic.pem,
4923 tests/cert-tests/template-basic.tmpl,
4924 tests/cert-tests/template-test: tests: template-test: added a
4925 baseline check to detect slow systems
4927 2015-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4929 * tests/cert-tests/template-test: tests: increased the retries with
4930 datefudge cert generation. There are slow systems that are not always capable of generating the
4931 certificate within a single second.
4933 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4935 * README-alpha: add bison as a dependency
4937 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4939 * Makefile.am: build documentation last. That allows the examples to depend on libgnu_gpl.la
4941 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4943 * README-alpha: list unbound dependency for DANE
4945 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4947 * tests/suite/testdane: tests: removed dane hosts which don't behave
4950 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4952 * README-alpha: updated instructions for installed packages
4954 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4956 * doc/latex/cover.tex: latex doc: updated copyright dates
4958 2015-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4960 * doc/gnutls.texi: updated copyright date
4962 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4964 * lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
4965 lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
4966 lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
4967 m4/hooks.m4: use asn1_decode_simple_ber if available
4969 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4971 * doc/cha-library.texi: corrected typo
4973 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4975 * doc/cha-library.texi: mention libidn
4977 2015-03-04 Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
4979 * tests/suite/asn1random.pl: asn1random.pl: generate simple tags
4980 only. Do not emit tags with numbers greater than or equal to 31 as they must
4981 be encoded as an octet sequence (ref X.690-0207 # 8.1.2.4). Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
4983 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4985 * lib/gnutls_priority.c: doc update
4987 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
4989 * tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
4990 tests/cert-tests/invalid-sig2.pem,
4991 tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
4992 X.509 certificate signatures
4994 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
4996 * doc/cha-upgrade.texi: added the change of priority string NORMAL
4999 2015-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
5001 * doc/cha-library.texi: document the usage of a PKCS #11 trust
5002 module for verification
5004 2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5006 * tests/suite/testcompat-main-openssl: tests: updated the suite to
5007 account for the removal of DSA by default
5009 2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5011 * tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c,
5012 tests/priorities.c: tests: updated the suite to account for the
5013 removal of DSA by default
5015 2015-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5019 2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5021 * tests/suite/testcompat-main-openssl,
5022 tests/suite/testcompat-main-polarssl,
5023 tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl:
5024 cross-implementation test suite was relicensed to 3-clause BSD. That way the suite can be used by projects with other licenses.
5026 2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5030 2015-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
5032 * lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by
5033 default. DSA was an algorithm that was never deployed on the Internet and
5034 had, until very recently, several limitations such as restriction of
5035 its keys to 1024 bits, SHA1-only etc. Given that there are literally
5036 0 internet (HTTPS) certificates using DSA, there is no point to
5037 enable it by default and increase our attack surface.
5039 2015-03-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
5041 * src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in
5044 2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5046 * lib/gnutls_session.c: doc update
5048 2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5052 2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5054 * lib/gnutls_privkey.c: doc update
5056 2015-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5058 * lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h,
5059 lib/x509/output.c: bundle inet_ntop in systems that don't have it
5061 2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5063 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
5064 auto-generated files
5066 2015-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5068 * lib/includes/gnutls/abstract.h: removed
5069 gnutls_pubkey_get_verify_algorithm from abstract.h
5071 2015-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
5073 * lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
5074 spotted by Andris Mednis
5076 2015-02-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
5078 * lib/gnutls_session.c: doc update: document that session_get_data()
5079 must be used in non-resumed sessions
5081 2015-02-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
5083 * doc/cha-tokens.texi: doc update
5085 2015-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5087 * lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added
5090 2015-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5092 * configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
5093 available in p11-kit
5095 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5097 * lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN
5099 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5101 * lib/algorithms/ciphersuites.c: removed unnecessary check and
5104 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5106 * lib/algorithms/ciphersuites.c: corrected check which prevented
5107 client to send an unacceptable for the version ciphersuite
5109 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5113 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5115 * tests/mini-key-material.c: tests: mini-key-material: avoid memory
5118 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5120 * tests/mini-dtls-lowmtu.c, tests/mini-overhead.c,
5121 tests/mini-record.c: tests: require DTLS 1.2 when using GCM
5123 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5125 * lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN
5127 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5129 * lib/algorithms.h, lib/algorithms/ciphersuites.c,
5130 lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior
5131 to offering a ciphersuite a server
5133 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5135 * lib/gnutls_priority.c: remove unnecessary assert
5137 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5139 * doc/cha-upgrade.texi: doc update
5141 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5143 * tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified
5144 tests with obsolete APIs with their replacement API
5146 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5148 * doc/cha-upgrade.texi: doc: added deprecated functions into upgrade
5151 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5153 * tests/x509cert-tl.c: tests: added checks for
5154 gnutls_x509_crt_get_signature_algorithm and
5155 gnutls_x509_crt_get_preferred_hash_algorithm
5157 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5161 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5163 * lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
5164 lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c,
5165 lib/x509/verify.c, lib/x509/x509.c: removed
5166 gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs
5168 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5170 * lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c:
5171 removed gnutls_x509_crt_get_verify_algorithm()
5173 2015-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5175 * lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
5176 lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and
5177 gnutls_pubkey_verify_data()
5179 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5181 * src/certtool-common.h: certtool: use unsigned for bits
5183 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5185 * src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to
5188 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5190 * src/certtool-args.def, src/certtool.c: certtool: allow specifying
5191 a purpose and a hostname for chain verification
5193 2015-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5195 * tests/Makefile.am, tests/x509cert-invalid.c: tests: added check
5196 for invalid X.509 certificate
5198 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5200 * tests/Makefile.am, tests/mini-key-material.c: tests: added check
5201 for gnutls_record_get_state()
5203 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5205 * lib/gnutls_constate.c: removed unused constants
5207 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5209 * lib/gnutls_state.c: memcpy fix in gnutls_record_get_state
5211 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5213 * ltmain.sh: removed ltmain.sh from root
5215 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5219 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5221 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
5222 lib/libgnutls.map: Added gnutls_record_get_state() and
5223 gnutls_record_set_state(). These functions allow to export the key material and sequence
5224 numbers. That allows offloading the sending and receiving of
5227 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5229 * lib/gnutls_record.c: fixed sequence number copy
5231 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5235 2015-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5237 * lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in:
5238 gnutls_handshake_set_hook_function: will provide the raw handshake
5241 2015-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5243 * lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned
5244 int in the CURVE_TO_BITS et al
5246 2015-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5248 * lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast
5250 2015-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
5252 * lib/x509/x509.c: when importing a certificate ensure that the
5253 signature parameters match
5255 2015-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5257 * lib/accelerated/x86/x86-common.c: Allow AESNI GCM acceleration in
5260 2015-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5262 * src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option
5264 2015-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5266 * lib/includes/gnutls/gnutls.h.in: added missing prototypes
5268 2015-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5270 * src/cli.c: handle differently OCSP responses that are revoked and
5273 2015-02-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
5275 * src/common.c: compilation fix with return on void function;
5276 reported by David Marx
5278 2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
5280 * lib/gnutls_state.c: doc update
5282 2015-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
5284 * lib/gnutls_buffers.c: set the appropriate direction when
5285 _gnutls_io_write_flush() is called
5287 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5289 * tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check
5290 for operation under different threads and DTLS
5292 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5294 * tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for
5295 operation under different processes and DTLS
5297 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5299 * NEWS: Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.
5301 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5303 * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
5304 lib/libgnutls.map: Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.
5306 2015-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
5308 * doc/cha-gtls-app.texi: documented using a session with fork or
5311 2015-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5315 2015-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
5317 * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
5318 lib/libgnutls.map: Added gnutls_record_is_async(). That function indicates whether gnutls_record_recv() and
5319 gnutls_record_send() can be used independently and in parallel.
5321 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5323 * lib/gnutls_buffers.c: print errno in a more uniform way
5325 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5327 * NEWS, lib/system.c: doc update
5329 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5331 * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
5332 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
5333 lib/system.h, lib/system_override.c: exported
5334 gnutls_system_recv_timeout()
5336 2015-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5338 * lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
5341 2015-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
5343 * lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small
5344 fixes to reduce warnings
5346 2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5348 * lib/gnutls_ui.c: doc update
5350 2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5352 * src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
5353 so verbose about the OCSP nonce; it is universally unsupported
5355 2015-01-17 Tim Ruehsen <tim.ruehsen@gmx.de>
5357 * src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
5359 2015-01-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
5361 * lib/x509/x509.c: on certificate import check whether the two
5362 signature algorithms match
5364 2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5366 * cross.mk: cross.mk: use 3.3.12
5368 2015-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5370 * lib/x509/key_decode.c: doc update
5372 2015-01-12 Luke Dashjr <luke-jr+git@utopios.org>
5374 * Makefile.am, configure.ac, doc/manpages/Makefile.am: Added
5375 configure option --disable-tools
5377 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5379 * libdane/errors.c: corrected typos. Reported by Guido Kroon.
5381 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5383 * lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
5384 obsolete versions. That prevents using these versions as record version numbers, unless
5385 they are the only protocol supported. This avoids the issues with
5386 servers that have banned SSL 3.0 record versions.
5388 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5390 * src/ocsptool-common.c: ocsptool: follow the documented process for
5391 gnutls_x509_crt_get_authority_info_access
5393 2015-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
5395 * lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
5398 2015-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
5400 * src/ocsptool-common.c: ocsptool-common: iterate through all AIA
5401 items prior to deciding the OCSP server
5403 2015-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
5405 * lib/fips.c: use a FIPS key that agrees with fedora's fipshmac
5407 2015-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5409 * devel/DCO/people-dco.txt: DCO: Added Luke Dashjr
5411 2015-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5413 * src/cli-args.def: simplified text for inline-commands-prefix
5415 2015-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5417 * src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
5418 --starttls-proto option
5420 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5422 * lib/pkcs11.c: pkcs11: cleanup the name of types
5424 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5426 * tests/suite/softhsm.h: tests: updates in softhsm detection
5428 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5430 * lib/pkcs11.c: pkcs11: when importing a public key, import its
5431 data as well (version 2 fix)
5433 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5435 * lib/x509/verify.c: doc update
5437 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5439 * tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
5442 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5444 * lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the
5445 exported function list
5447 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5449 * tests/key-import-export.c: tests: key-import-export: enhanced to
5450 test gnutls_pubkey_*_ecc_x962
5452 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5454 * lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another
5455 parameter set without a leak
5457 2015-01-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
5459 * lib/gnutls_pubkey.c: removed ABI-compatibility functions
5461 2015-01-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
5463 * src/certtool-args.def: doc update
5465 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5467 * tests/suite/testpkcs11.softhsm: testpkcs11: modified to support
5468 both softhsmv1 and v2
5470 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5472 * lib/pkcs11.c: pkcs11: when importing a public key, import its
5475 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5477 * tests/key-import-export.c: tests: enhanced key-import-export to
5478 check output of pubkeys
5480 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5482 * tests/openpgp-callback.c: tests: eliminated leaks
5484 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5486 * lib/gnutls_cert.c: doc update
5488 2015-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5490 * tests/Makefile.am, tests/key-import-export.c: tests: added checks
5491 for private key import/export functions
5493 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5495 * doc/TODO: doc update
5497 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5499 * tests/Makefile.am, tests/openpgp-callback.c: tests: Added test
5500 case for openpgp keys loaded by callback
5502 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5504 * lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
5505 from a client, the server verifies if it supports the extension’s
5506 contents in _gnutls_session_cert_type_supported(). This function
5507 checks for cred->get_cert_callback but not cred->get_cert_callback2.
5508 As a result, servers setup for OpenPGP certificate credential
5509 callback with gnutls_certificate_set_retrieve_function2() are unable
5510 to use the OpenPGP certificate type. The solution is to consider cred->get_cert_callback2 alongside
5511 cred->get_cert_callback in _gnutls_session_cert_type_supported(). Patch by Rick van Rein.
5513 2015-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5515 * lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
5516 release the cached value
5518 2015-01-08 Ludovic Courtès <ludo@gnu.org>
5520 * NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
5521 during expansion and at run time. Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. * guile/modules/gnutls.in: Wrap '%libdir' definition and 'load-extension' call in 'eval-when'.
5523 2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5525 * lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
5526 record with multiple handshake packets, parse them in one go. That resolves: https://savannah.gnu.org/support/?108712
5528 2015-01-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
5530 * tests/mini-dtls-record-asym.c: tests: updated
5531 mini-dtls-record-asym
5533 2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5535 * tests/mini-dtls-record-asym.c: tests: better documentation of
5536 mini-dtls-record-asym purpose
5538 2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5540 * tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved
5541 udp_socketpair to utils
5543 2015-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5545 * tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU
5546 test for DTLS and added caching
5548 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5550 * tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case
5551 for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712
5553 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5555 * lib/gnutls_buffers.c: simplified _gnutls_dgram_read()
5557 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5559 * src/Makefile.am: danetool: only compile when dane is enabled
5561 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5563 * lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
5564 exceed MTU. Resolves: https://savannah.gnu.org/support/?108715
5566 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5568 * lib/gnutls_buffers.c: Added more precise check of push functions
5571 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5573 * lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
5574 lib/system.h: Revert "in DTLS don't use writev() when multiple
5575 packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.
5577 2015-01-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
5579 * lib/gnutls_buffers.c: Revert "Give precedence to vector push
5580 function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.
5582 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5584 * lib/gnutls_buffers.c: Give precedence to vector push function
5586 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5588 * lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
5589 lib/system.h: in DTLS don't use writev() when multiple packets which
5590 exceed MTU are queued. That change requires the system_write() to be registered
5591 unconditionally, even when writev() is available. Resolves:
5592 https://savannah.gnu.org/support/?108715
5594 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5596 * tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to
5597 ensure that DTLS handshake packets will not exceed MTU
5599 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5601 * src/certtool.c: certtool: warn when setting a certificate's
5602 expiration longer than the CA's expiration
5604 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5606 * tests/suite/testpkcs11: testpkcs11: detect softhsm2
5608 2015-01-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
5610 * tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
5611 tests/record-sizes.c: tests: account for disabling of ARCFOUR where
5614 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5616 * src/certtool-cfg.c: certtool: modified check for READ_NUMERIC
5618 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5620 * src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
5623 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5625 * src/certtool-cfg.c: certtool: check for overflows when reading
5628 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5630 * src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
5631 type for integers read
5633 2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
5635 * src/socket.c: gnutls-cli-debug: more precise handling of SMTP
5636 protocol Patch by Andreas Metzler.
2015-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
gl/tests/signature.h, gl/tests/test-alloca-opt.c,
gl/tests/test-base64.c, gl/tests/test-binary-io.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
gl/tests/test-float.c, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-func.c,
gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
gl/tests/test-iconv.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-memchr.c, gl/tests/test-netdb.c,
gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-string.c,
gl/tests/test-strings.c, gl/tests/test-strnlen.c,
gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
gl/tests/test-sys_wait.h, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
src/gl/parse-datetime.y, src/gl/printf-args.c,
src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
src/gl/xsize.h: updated gnulib
2015-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: use explicit casts in the dummy ip conversion
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
lib/gnutls_priority.c: ARCFOUR-128 is disabled by default
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, symbols.last: updated export symbols list (due to ABI
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: doc: updated auto-generated files
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-get-issuer.c: tests: added check for
gnutls_x509_trust_list_get_issuer_by_dn()
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: updated libgnutls.map for new functions
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
updated auto-generated files and added urls.h
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
added checks for the new --key-id and --fingerprint certtool options
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/certtool.c: certtool: Added
--fingerprint and --key-id options
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: certtool: --pubkey-info will load a public key
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.h: include netinet/in.h if present to access ipv6
related structures Based on patch by Rumko. https://savannah.gnu.org/support/?108713
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: VERS-ALL adds all protocols if used with
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings
VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding
protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.
2014-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol
version numbering distinct
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
this case and thus does not need to be called.
2014-12-30 Matthias-Christian Ott <ott@mirix.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
the plaintext length (last parameter) is greater than zero and
segfault otherwise. The assembler code for both functions is
automatically generated and imported from OpenSSL, so to ease
maintenance the length should be validated in the functions that
call padlock_ecb_encrypt or padlock_cbc_encrypt.
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: use backslashes in windows path
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: openpgp: properly print names in oneline
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: updates in openpgp DSA key printing
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/openpgp/output.c: properly print openpgp names
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/Makefile.am: opencdk: print all warnings on
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/armor.c: opencdk: eliminated warning from armor.c
2014-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/opencdk/keydb.c: removed cache support for opencdk's keydb Its implementation looked buggy.
2014-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated guile comments
2014-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
functions only when OCSP is enabled
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
gnutls_pubkey_import_ecc_x962().
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.def, src/p11tool-args.def: tools: document the
2014-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with
softhsmv2 and CKA_TRUSTED.
https://bugzilla.redhat.com/show_bug.cgi?id=1177086
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/safe-memfuncs.c: updated documentation of gnutls_memcmp()
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name
of gnutls_x509_crt_import_pkcs11_url
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_privkey.c: better cleanup in
gnutls_pkcs11_privkey_import_url and allow reuse
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
separated the two gnulibs to avoid conflicts
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
src/gl/Makefile.am, src/gl/m4/extensions.m4,
src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c,
lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c:
Instead of sanitizing URLs, use hints to support incomplete PKCS#11
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c:
gnutls_x509_crt_import_url replaces
gnutls_x509_crt_import_pkcs11_url
2014-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: use p11_kit_uri_get_pin_source instead of
p11_kit_uri_get_pinfile
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new
2014-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/x509/verify-high.c, lib/x509/verify-high2.c: combined
gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces
gnutls_pkcs11_obj_list_import_url3() and
gnutls_pkcs11_obj_list_import_url4().
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: first attempt to unify obj_attrs with
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks
whether the import of PKCS #11 objects as trusted certs works
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in
2014-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
#11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
token URL, but rather a direct reference to specific objects.
2014-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_psk.c: PSK: added sanity check on PSK key size set
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers
to use It is no longer supported.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
for the cork/uncork functions Reported by Jaak Ristioja.
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: doc update
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/protocols.c: Added more precise version check in
_gnutls_version_lowest
2014-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: corrected documentation of gnutls_cork()
2014-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: Added 32-bit overflow protection in
_gnutls_buffer_append_data()
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Remove redundant condition in
align_allocd_with_data(). At all call-sites of align_allocd_with_data() dest->data is
non-NULL. Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Deduplicated some code in
_gnutls_buffer_append_data(). Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_str.c: Explicitly marked some variables const in
_gnutls_buffer_append_data(). Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
2014-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/DCO/people-dco.txt: DCO: added Jaak Ristioja
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/slow/cipher-test.c: test-ciphers: do not fail on processors
which don't have the AES-NI instructions
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to
2014-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code
outside the if-clause
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0
checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl.
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: testdane: removed www.vulcano.cl from good
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/x509cert-tl.c: tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with
gnutls_x509_trust_list_add_named_crt().
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: use
gnutls_x509_trust_list_verify_named_crt in
gnutls_x509_trust_list_verify_crt2
2014-12-12 Ludovic Courtès <ludo@gnu.org>
* NEWS: Update 'NEWS'.
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/random.c: gnutls_rnd: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update
2014-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: improved documentation on dane
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
mode, for the sake of MinGW. Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
of 'open-input-file'.
2014-12-11 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Link with '-no-undefined'. Fixes builds on MinGW. Reported by Eli Zaretskii <eliz@gnu.org>.
* guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add -no-undefined.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: p11tool: use Sleep() in windows
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: certtool: ensure that default_serial_int is
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: cross.mk: updated for 3.3.11
2014-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/crypto-backend.c: Allow a random generator with the same
priority to re-register That corrects an issue where the library is deinitialized, and
reinitialization wouldn't register the same rnd module. Reported by
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/x509cert.c: tests: x509cert: verify that length returned
from gnutls_x509_crt_get_dn matches strlen
2014-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testcompat-main-openssl: testcompat: corrected usage
2014-12-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code
2014-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: corrected typo
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: configure: added option --without-idn
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/Makefile.am,
lib/accelerated/x86/aes-ccm-x86-aesni.c,
lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c:
added AESNI accelerated CCM
2014-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86-aesni.c,
lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related
2014-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: dane: use the new _gnutls_buffer_to_datum
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/ocsp.c: tests: corrected the expected lengths in ocsp
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c,
lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c,
lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c:
_gnutls_buffer_to_datum: includes code for exporting strings
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/x509/verify-high.c: when the trusted list contains a non-CA
certificate warn via the audit log
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name
to match the one in the IANA registry
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced
check for correct ciphersuites
2014-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add
2014-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Build with warnings.
* guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra -Wno-unused-parameter.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* guile/modules/Makefile.am, guile/modules/gnutls.in,
guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
guile/src/core.c, guile/src/make-session-priorities.scm,
guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
guile: Remove the deprecated priority API.
* guile/modules/gnutls/build/priorities.scm: Remove.
* guile/src/make-session-priorities.scm: Remove.
* guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.
* guile/src/Makefile.am (EXTRA_DIST): Likewise.
(GENERATED_BINDINGS): Remove 'priorities.i.c'.
(priorities.i.c): Remove target.
* guile/src/core.c: Don't include it.
(scm_gnutls_set_default_priority_x): Remove.
* guile/modules/gnutls.in (gnutls): Adjust export list.
* guile/tests/session-record-port.scm: Use
'set-session-priorities!'.
* guile/tests/x509-auth.scm: Likewise.
2014-12-04 Ludovic Courtès <ludo@gnu.org>
* doc/gnutls-guile.texi, guile/modules/gnutls.in,
guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
Remove RSA parameters and related procedures.
* guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
Remove.
(%gnutls-smobs): Remove it.
* guile/src/core.c (scm_gnutls_make_rsa_parameters, scm_gnutls_pkcs1_import_rsa_parameters, scm_gnutls_pkcs1_export_rsa_parameters, scm_gnutls_set_certificate_credentials_rsa_export_params_x):
Remove.
* guile/modules/gnutls.in: Adjust export list.
* guile/tests/openpgp-auth.scm (import-rsa-params): Remove. Remove references to it and to 'set-certificate-credentials-rsa-export-parameters!'.
* guile/tests/x509-auth.scm: Likewise.
* doc/gnutls-guile.texi (Representation of Binary Data): Remove references to RSA parameters. Adjust example accordingly.
(OpenPGP Authentication Guile Example): Likewise.
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/TODO: updated TODO list
2014-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/libgnutls.map: removed several of the unneeded exported
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc/cha-upgrade.texi: doc: corrected typo
6374 2014-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6376 * lib/nettle/cipher.c: use unsigned long in gcm_cast_st
6378 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6380 * lib/nettle/cipher.c: corrected issue in AES-256-GCM
6382 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6384 * tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced
6385 cipher check to include all ciphers.
6387 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6389 * lib/nettle/cipher.c: simplified abstractions over nettle based on
6392 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6394 * lib/crypto-api.c: API doc update
6396 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6398 * lib/crypto-selftests.c: Added test vectors for CCM mode
6400 2014-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
6402 * lib/nettle/cipher.c: CCM: corrected AEAD decryption
6404 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6406 * lib/gnutls_priority.c: CCM mode moved to the lowest priority
6408 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6410 * lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized
6412 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
6414 * src/benchmark-tls.c: gnutls-cli: added benchmark for CCM
6416 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
6418 * tests/priorities.c, tests/suite/testcompat-main-polarssl: tests:
6419 updated for AES-128-CCM ciphersuites
6421 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
6423 * lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c
6425 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
6427 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
6428 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
6429 lib/nettle/cipher.c: Added definitions for CCM ciphersuites
6431 2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
6433 * NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am,
6434 lib/accelerated/x86/aes-gcm-aead.h,
6435 lib/accelerated/x86/aes-gcm-padlock.c,
6436 lib/accelerated/x86/aes-gcm-x86-aesni.c,
6437 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
6438 lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c,
6439 lib/crypto-backend.h, lib/crypto-selftests.c,
6440 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
6441 lib/includes/gnutls/crypto.h, lib/libgnutls.map,
6442 lib/nettle/cipher.c: Modified crypto backend to accommodate for the
6445 2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
6447 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
6448 lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates
6451 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6453 * lib/accelerated/x86/aes-gcm-padlock.c,
6454 lib/accelerated/x86/aes-gcm-x86-aesni.c,
6455 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
6456 lib/accelerated/x86/aes-padlock.c,
6457 lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
6458 lib/accelerated/x86/sha-padlock.c,
6459 lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
6460 lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c,
6461 lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4,
6462 tests/dsa/testdsa: ported to nettle 3.0
6464 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6466 * m4/hooks.m4: reduced current soversion
6468 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6470 * NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the
6471 removal of deprecated functions
6473 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6475 * lib/gnutls_priority.c: corrected comparison
6477 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6479 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
6480 lib/gnutls_priority.c, lib/gnutls_state.c,
6481 lib/includes/gnutls/compat.h: removed the old gnutls_retr_st
6482 compatibility functions
6484 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6486 * configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c,
6487 lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed
6488 binary compatibility with RSA-EXPORT using applications
6490 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6492 * lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the
6493 old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority
6494 gnutls_compression_set_priority gnutls_kx_set_priority
6495 gnutls_protocol_set_priority gnutls_certificate_type_set_priority
6497 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6499 * lib/includes/gnutls/compat.h, lib/x509/x509.c: removed
6500 gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()
6502 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6504 * lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c,
6505 lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and
6506 gnutls_sign_callback_get() were removed
6508 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6510 * lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h
6512 2014-12-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
6514 * lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion
6516 2014-12-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
6518 * lib/random.h: if the rnd structure doesn't provide check,
6519 _gnutls_rnd_check() will succeed
6521 2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6523 * tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added
6524 check for verification using CRLs
6526 2014-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6528 * lib/x509/x509.c: Reorganized, and eliminated memory leak in
6529 _gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.
6531 2014-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6533 * src/systemkey.c: systemkey: updated for new
6534 gnutls_system_key_iter_get_info
6536 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6538 * lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c,
6539 lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows
6540 restricting results to a specific certificate type
6542 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6544 * lib/gnutls_x509.c: removed unneeded variable
6546 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6548 * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
6551 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6553 * doc/cha-gtls-app.texi: doc: added recommendation to use the higher
6554 level functions to load keys
6556 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6558 * src/certtool-cfg.c: certtool: avoid gcc warnings
6560 2014-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
6562 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
6563 check for whether %NO_EXTENSIONS is required
6565 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6567 * lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
6570 2014-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
6572 * lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if
6573 initial negotiation is not complete
6575 2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6579 2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6581 * tests/mini-chain-unsorted.c: tests: small fix in
6584 2014-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6586 * lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c,
6587 lib/x509/common.h, lib/x509/x509.c:
6588 GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from
6589 gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT
6592 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6594 * lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the
6597 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6601 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6603 * lib/system-keys-win.c: simplified windows URLs
6605 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6607 * lib/system-keys-win.c: system-keys-win: include urls.h
6609 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6611 * tests/Makefile.am, tests/mini-cert-status.c,
6612 tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted
6614 2014-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
6616 * lib/gnutls_pcert.c, lib/gnutls_x509.c,
6617 lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
6618 lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h,
6619 lib/x509/verify-high.c, lib/x509/x509.c: Added flag
6620 GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the
6621 gnutls_certificate_credentials_t structure.
6623 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6625 * tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check
6626 for memory leaks when a file cannot be loaded.
6628 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6630 * lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
6631 memory leak when certificate could not be parsed Reported by Georg Richter.
6633 2014-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6635 * libdane/dane.c: libdane: undef gnutls_assert() before redefining
6638 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6640 * src/socket.c: gnutls-cli-debug: do not print error on unknown
6643 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6645 * tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak
6646 check for gnutls_set_x509_key_mem2()
6648 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6650 * lib/gnutls_x509.c: documented the limitations of the loading
6653 2014-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6655 * lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.
6657 2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
6659 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
6660 check for sorted certificate chain
6662 2014-11-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
6664 * lib/gnutls_db.c: do not allow the resumption of a session which
6665 switches the state of ext_master_secret
6667 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6669 * tests/rfc2253-escape-test: tests: run rfc2253-escape-test under
6672 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6674 * tests/custom-urls.c: tests: enhanced custom-url check
6676 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6678 * lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the
6681 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6683 * lib/x509/x509.c: corrected freeing of custom URL
6685 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6687 * doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update
6689 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6691 * tests/suite/suppressions.valgrind, tests/suppressions.valgrind:
6692 Added memxor_different_alignment into suppressions
6694 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6696 * doc/cha-tokens.texi, lib/gnutls_x509.c,
6697 lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the
6698 construction of chains with custom URLs
6700 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6702 * .gitignore: updated ignored files
6704 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6706 * src/Makefile.am, src/systemkey-tool.c, src/systemkey.c: renamed
6707 systemkey-tool to systemkey, and don't install it by default
6709 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6713 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6715 * tests/Makefile.am, tests/custom-urls.c: tests: added check for
6716 registration of custom URLs
6718 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6720 * lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export
6721 gnutls_register_custom_url
6723 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6725 * lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in
6728 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6730 * .gitignore: more files to ignore
6732 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6734 * doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c,
6735 lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
6736 lib/includes/Makefile.am, lib/includes/gnutls/urls.h,
6737 lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c:
6738 Added the ability to register application specific URLs for keys and
6741 2014-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6743 * lib/system-keys-win.c: system-keys-win: use macros for the URL
6745 2014-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6747 * lib/gnutls_handshake.c: doc update
6749 2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6751 * tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
6752 for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake
6754 2014-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6756 * lib/gnutls_handshake.c, lib/gnutls_record.c: treat
6757 GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
6758 complete This corrects a regression introduced in
6759 b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
6760 https://savannah.gnu.org/support/?108690
6762 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6764 * NEWS: removed old news
6766 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6768 * lib/algorithms.h, lib/algorithms/protocols.c,
6769 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
6770 record version in the client Hello will be set to the lowest
6771 supported protocol There should have been no harm in keeping it SSL 3.0 but
6772 unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
6773 as MUST NOT do that. That will be fixed in a later revision but
6774 since then there are servers not accepting SSL 3.0 as a valid record
6775 version (note that this is about the record version, which describes
6776 the format of the packet, nothing to do with the negotiated
6779 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6781 * lib/gnutls_priority.c: Revert "The priority modifier
6782 %LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.
6784 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6786 * lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
6787 done when it is required only.
6789 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6791 * lib/Makefile.am, lib/gnutls_priority.c,
6792 lib/includes/gnutls/gnutls.h.in, src/cli.c:
6793 gnutls_priority_string_list: allow printing the special keywords as
6796 2014-11-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
6798 * lib/nettle/rnd-common.c: simplified code involving getrandom() and
6801 2014-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
6803 * configure.ac: configure: detect android system and define a
6806 2014-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
6808 * lib/Makefile.am, lib/system-keys-dummy.c, lib/system-keys-win.c,
6809 lib/system-keys.c: separated system-keys implementations
6811 2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6813 * lib/libgnutls.map: removed redundant local
6815 2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6817 * tests/suite/testpkcs11: tests: added check for the abbreviated
6818 URLs which don't contain object information
6820 2014-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6822 * lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c,
6823 lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects
6824 with URLs sanitize them That allows to use out of band information to complete missing parts
6825 in URLs (e.g., object-type=cert, when there is a certificate).
6827 2014-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6829 * lib/system-keys.c: compilation fixes
6831 2014-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
6835 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
6837 * lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c,
6838 lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
6839 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c,
6840 lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
6841 lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h,
6842 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
6843 lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h,
6844 lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am,
6845 src/systemkey-args.def, src/systemkey-tool.c: Added API to
6846 read/write/delete key-cert pairs (limited to windows for now)
6848 2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6850 * lib/gnutls_priority.c: NORMAL priority: prioritize the less than
6851 256-bits curves at the lowest level
6853 2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6855 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
6856 src/certtool.c: certtool: Allow to set the nonRepudiation,
6857 keyAgreement and dataEncipherment flags
6859 2014-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6861 * src/certtool-args.def: list the OIDs in the certtool cfg file
6864 2014-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6866 * lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
6867 zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
6869 2014-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6871 * doc/TODO: doc update
6873 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6877 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6879 * lib/gnutls_x509.c: partially reverted
6880 999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as
6883 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6885 * src/certtool.c: certtool: print message when the system trust is
6888 2014-11-14 David Weber <dave@veryflatcat.com>
6890 * src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
6891 and serv.c. I have tested the fix in 3.3.10. This commit is UNTESTED as I am
6892 unable to compile gnutls (./configure complains about gl_INIT and
6893 ggl_INIT). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
6895 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6897 * tests/ocsp.c: tests: ocsp: added the signature in check
6899 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6901 * lib/x509/ocsp_output.c: only print about additional certificates
6904 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6906 * lib/x509/ocsp.c: ocsp: fix DN decoding in
6907 gnutls_ocsp_resp_get_responder_raw_id
6909 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6911 * tests/ocsp.c: tests: ocsp: added check with a long response
6913 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6915 * lib/x509/ocsp.c: use the original DER/BER data when verifying an
6918 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6920 * lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing
6922 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6924 * lib/x509/ocsp.c: ocsp: eliminated duplicate code
6926 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6928 * src/certtool-args.def: clarified the multiple paths printing of
6931 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6933 * src/cli.c: gnutls-cli: allow printing the certificates in OCSP
6934 responses when --print-cert is specified
6936 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6938 * lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code
6939 to better use the trust list, and the KeyHash
6941 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6943 * lib/x509/ocsp_output.c: OCSP printing: Add header in front of
6946 2014-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
6948 * lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
6949 lib/pkcs11.c, lib/x509/verify-high.c: added
6950 gnutls_pkcs11_get_raw_issuer_by_dn and
6951 gnutls_x509_trust_list_get_issuer_by_dn
6953 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6955 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
6956 for OCSP status response
6958 2014-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6960 * tests/cert-tests/crq: corrected crq test case; reported by Andreas
6963 2014-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
6965 * lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
6968 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6970 * lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
6971 lib/x509/ocsp_output.c, tests/ocsp.c: replaced
6972 gnutls_ocsp_resp_get_responder_by_key with
6973 gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old
6974 buggy behavior of returning 0 if the element was missing.
6976 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6978 * src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set
6979 when no password should be asked
6981 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6983 * lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a
6984 callback if GNUTLS_PKCS_PLAIN is specified
6986 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6988 * lib/fips.c: the FIPS140-2 testing mode is disabled after
6991 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6993 * tests/ocsp.c: updated OCSP tests to account for the new key ID
6995 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
6997 * lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder()
6998 will always initialize output data
7000 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7002 * lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
7005 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7007 * src/cli.c: gnutls-cli: print the OCSP response in verbose mode
7009 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7011 * lib/x509/ocsp.c: corrected documentation of OCSP response
7014 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7016 * lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
7017 lib/x509/ocsp_output.c: Added
7018 gnutls_ocsp_resp_get_responder_by_key()
7020 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7022 * lib/x509/dn.c: dn parsing: return
7023 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available
7025 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7027 * src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added
7028 option to save the OCSP response
7030 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7032 * lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c,
7033 lib/includes/gnutls/abstract.h: added the notion of preferred sign
7034 algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3()
7035 with the info callback. It is only considered for client side keys
7038 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7040 * doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c,
7041 lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf:
7042 Added priority string %NO_SESSION_HASH to prevent advertising the
7043 extended master secret extension
7045 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7047 * lib/ext/status_request.c: certificate status request response
7048 is optional according to RFC6066
7050 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7052 * lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c:
7053 Added flag GNUTLS_OCSP_SR_IS_AVAIL for
7054 gnutls_ocsp_status_request_is_checked
7056 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7058 * lib/nettle/rnd-common.h: rnd: removed the packed attribute from
7059 event_st That prevents a SIGBUS on solaris sparc systems. Reported by Thomas
7062 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7064 * lib/gnutls_priority.c: The priority modifier
7065 %LATEST_RECORD_VERSION is now the default This works around an issue with servers that forbid the SSL 3.0 version
7066 number from the first packet of the record protocol.
7068 2014-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7070 * src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
7071 that disallow the SSL 3.0 record version
7073 2014-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7075 * src/common.c: gnutls-cli: print whether status request has been
7078 2014-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
7080 * lib/gnutls_x509.c: doc update
7082 2014-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
7084 * lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
7085 lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c,
7086 lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to
7087 gnutls_x509_privkey_t
7089 2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7091 * lib/system.c, lib/system.h, lib/x509/common.c,
7092 lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian
7095 2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7099 2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7101 * lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c,
7102 lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in,
7103 lib/libgnutls.map, lib/safe-memfuncs.c, lib/safe-memset.c: Added
7104 gnutls_memcmp() and exported it.
7106 2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7108 * lib/includes/gnutls/abstract.h: indentation fix
7110 2014-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
7114 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7116 * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
7117 lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey() Conflicts: lib/libgnutls.map
7119 2014-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7121 * lib/abstract_int.h, lib/gnutls_privkey.c,
7122 lib/includes/gnutls/abstract.h: dropped unused copy_func
7124 2014-11-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7126 * lib/x509/gnutls-idna.h: silence warning
7128 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7130 * configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq:
7131 Added check with the invalid crq sent by Sean Burford
7133 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7135 * lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
7136 format, perform additional sanity checks on input Reported by Sean Burford.
7138 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7142 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7144 * doc/cha-intro-tls.texi: doc update
7146 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7148 * NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h,
7149 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported
7152 2014-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7154 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
7157 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7159 * src/socket.c: tools: include arpa/inet.h in socket.c
7161 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7163 * doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
7166 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7168 * lib/pkcs11.c: pkcs11: pass the correct user type to protected
7169 authentication login
7171 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7173 * doc/cha-gtls-app.texi: doc: corrected values for INSECURE level
7175 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7177 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c:
7178 pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
7180 2014-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
7182 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c:
7183 pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
7185 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7187 * lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate
7190 2014-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7192 * lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
7193 type on reauthentication
7195 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7197 * gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
7198 to improve compatibility with some Apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7200 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7202 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
7203 force login on tokens that require it
7205 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7207 * lib/pkcs11.c: pkcs11: always set slot_info
7209 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7211 * tests/suite/testcompat-main-openssl: testcompat-openssl: disable
7212 SSL 3.0 as it is not supported on debian
7214 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7216 * tests/suite/testcompat-main-polarssl: fixed polarssl compatibility
7219 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7221 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c:
7222 pkcs11: eliminated the need for struct token_info
7224 2014-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7226 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
7227 support for PKCS #11 keys that require reauthentication and
7228 simplified pkcs11_login
7230 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7232 * src/cli-debug.c: gnutls-cli-debug: clarified text
7234 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7236 * tests/suite/Makefile.am, tests/suite/testcompat,
7237 tests/suite/testcompat-main, tests/suite/testcompat-main-openssl,
7238 tests/suite/testcompat-main-polarssl,
7239 tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl:
7240 tests: separated the two testcompat tests (openssl/polarssl)
7242 2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7244 * lib/algorithms/ciphers.c: added missing comma
7246 2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7248 * src/tests.c: gnutls-cli-debug: corrected heartbeat check
7250 2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7252 * src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
7255 2014-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7257 * src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
7260 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7262 * tests/suite/testcompat-main: tests: added interoperability tests
7265 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7267 * lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation for
7268 max send data and other uses of _gnutls_cipher_type()
7270 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7272 * lib/algorithms/ciphers.c: modernized cipher table
7274 2014-11-05 Chen Hongzhi <hongzhi.chen@me.com>
7276 * lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7278 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7280 * lib/gnutls_cipher.c: simplified checks for EtM
7282 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7284 * tests/anonself.c: tests: enhanced test to check the return value
7285 of gnutls_record_send()
7287 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7289 * tests/mini-x509-2.c: tests: Added unit tests for
7290 gnutls_certificate_get_ours in mini-x509-2
7292 2014-11-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
7294 * lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
7295 lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
7296 lib/includes/gnutls/gnutls.h.in: introduced
7297 GNUTLS_MAX_SESSION_ID_SIZE
7299 2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7301 * doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive
7303 2014-11-04 Chris Barry <chris@barry.im>
7305 * doc/cha-auth.texi, doc/cha-cert-auth.texi,
7306 doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi:
7307 Cleaning up some awkward phrasings. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7309 2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7311 * .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests:
7312 Added test for MAC verification checks
7314 2014-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7316 * lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM
7317 fixes: it only applies to block ciphers
7319 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7321 * src/cli-debug.c: gnutls-cli-debug: reorganized output
7323 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7325 * src/cli-debug.c, src/tests.c: moved the HTTPS server name outside
7326 of verbose tests; only run when the HTTPS protocol is used
7328 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7330 * src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced
7331 gnutls-cli-debug verbose output (uses files for mass text)
7333 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7335 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
7336 tests for EtM and extended master secret support In addition reworked the output for existing tests.
7338 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7340 * src/socket.c: tools: only warn of an error if it is fatal
7342 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7344 * tests/suite/testcompat-main, tests/suite/testcompat-polarssl:
7345 testcompat: increased the number of test cases checked
7347 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7349 * lib/ext/alpn.c: updated text
7351 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7355 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7357 * tests/suite/testcompat-polarssl: testcompat-polarssl: try to run
7358 the test only if polarssl binaries are available
7360 2014-11-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
7362 * tests/suite/testcompat-common, tests/suite/testcompat-polarssl:
7363 testcompat: check the PSK ciphersuite interoperability against
7366 2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7368 * tests/suite/Makefile.am, tests/suite/testcompat,
7369 tests/suite/testcompat-common, tests/suite/testcompat-main,
7370 tests/suite/testcompat-polarssl: testcompat: added interop tests
7373 2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
7375 * lib/system_override.c: doc: Added missing reference for EMSGSIZE
7376 to inline documentation of gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7378 2014-11-03 Jaak Ristioja <jaak.ristioja@cyber.ee>
7380 * lib/system_override.c: doc: Fixed typo in inline comment of
7381 gnutls_transport_set_errno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7383 2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7387 2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7389 * doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c,
7390 lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
7391 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
7392 lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h,
7393 lib/gnutls_priority.c, lib/gnutls_session_pack.c,
7394 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
7395 lib/priority_options.gperf, src/common.c: Added support for RFC7366
7396 (encrypt then authenticate) It implements a revised version of RFC7366, to avoid
7397 interoperability issues:
7398 http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This
7399 is currently enabled by default, unless %NO_ETM, or %COMPAT is
7402 2014-11-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
7404 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c,
7405 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
7406 lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative
7407 to stream and block That way the terminology becomes closer to the TLS rfc.
7409 2014-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7411 * lib/gnutls_errors.c: updated the text for
7412 GNUTLS_E_UNSUPPORTED_VERSION_PACKET
7414 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7418 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7420 * tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests:
7421 Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11
7424 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7426 * .gitignore: more files to ignore
7428 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7430 * lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
7433 2014-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7435 * lib/pkcs11.c: deinitialize the temporary spki data
7437 2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7439 * tests/Makefile.am, tests/init_fds.c: tests: added test for
7440 gnutls_global_init after all descriptors are closed
7442 2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7444 * lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h:
7445 corrected check for urandom fd
7447 2014-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7449 * tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the
7452 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7454 * lib/gnutls_x509.c: Do not require a PIN callback in the
7455 certificate credentials when a password is specified
7457 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7459 * lib/gnutls_x509.c: doc update
7461 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7463 * lib/gnutls_global.c: corrected exit state from gnutls_global_init
7465 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7467 * doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
7468 account the new behavior
7470 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7472 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
7473 lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
7474 gnutls_fd_in_use, it is no longer necessary
7476 2014-10-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
7478 * lib/crypto-backend.h, lib/gnutls_global.c,
7479 lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
7480 lib/random.h: When gnutls_global_init() is called manually from the
7481 application check the urandom fd for validity That addresses the issue where a server closes all open file
7482 descriptors and then calls gnutls_global_init().
7484 2014-10-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
7486 * NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for
7487 getentropy() and reworked getrandom support
7489 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
7491 * lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits
7493 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
7497 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
7499 * lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in,
7500 lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which
7501 allows to specify the number of bits for key size
7503 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
7507 2014-10-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
7509 * configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when
7512 2014-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7514 * lib/nettle/rnd.c: use the random rnd context when refreshing the
7515 nonce context That avoids frequent reads from /dev/urandom.
7517 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7519 * lib/gnutls_state.c: do not explicitly refresh rnd state on session
7520 deinit It is already being refreshed during the session lifetime.
7522 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7524 * lib/nettle/rnd.c: doc update
7526 2014-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7528 * lib/nettle/rnd.c: increase the reseed time
7530 2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7532 * lib/crypto-selftests.c: tests: enhance cipher test to include tag
7535 2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7537 * lib/crypto-api.c: better documented the new API
7539 2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7541 * lib/crypto-api.c: harmonise variable names
7543 2014-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7545 * configure.ac: disable hardware acceleration by default in solaris
7547 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7549 * lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of
7550 draft-ietf-tls-session-hash-02. Now the session hash is calculated correctly even when a client
7551 certificate is sent. That is, the session hash now does not take
7552 into account the CertificateVerify message.
7554 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7556 * lib/crypto-api.c: doc update
7558 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7562 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7564 * doc/cha-crypto.texi: doc: list the AEAD API
7566 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7568 * NEWS, lib/crypto-api.c, lib/crypto-selftests.c,
7569 lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
7570 lib/libgnutls.map: Added a new simple to use AEAD API
7572 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7574 * NEWS, m4/hooks.m4: the openssl compatibility library isn't built
7577 2014-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7579 * cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s,
7580 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
7581 lib/accelerated/x86/elf/aesni-x86.s,
7582 lib/accelerated/x86/elf/aesni-x86_64.s,
7583 lib/accelerated/x86/elf/cpuid-x86.s,
7584 lib/accelerated/x86/elf/cpuid-x86_64.s,
7585 lib/accelerated/x86/elf/e_padlock-x86.s,
7586 lib/accelerated/x86/elf/e_padlock-x86_64.s,
7587 lib/accelerated/x86/elf/ghash-x86_64.s,
7588 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
7589 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
7590 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
7591 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
7592 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
7593 directive in assembly files, as it isn't portable
7595 2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
7597 * lib/gnutls_cipher.c: eliminate IV size usage in TLS
7598 encryption/decryption; it was a remnant of salsa20
7600 2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
7602 * lib/ext/ext_master_secret.c: corrected likely macro usage Spotted by Manuel Pégourié-Gonnard.
7604 2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
7606 * lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
7607 lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for
7608 SALSA20 and for stream ciphers with IV The proposal was not adopted by the TLS WG, and the AEAD path will
7611 2014-10-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
7613 * doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c,
7614 lib/priority_options.gperf: Added priority string %NO_TICKETS that
7615 disables session ticket support This is implied by the priority string PFS.
7617 2014-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7619 * lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor
7620 use the 'extended master secret' in SSL 3.0 According to Alfredo Pironti support for that protocol will be
7621 dropped from the draft.
7623 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7625 * cross.mk: compile 3.3.9 by default
7627 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7629 * lib/gnutls_handshake.c: always send the mandatory extensions (even
7630 in SSL 3.0) The only way to force no extensions and usage of SCSVs is the
7631 %NO_EXTENSIONS priority string.
7633 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7635 * lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory
7638 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7640 * configure.ac, lib/Makefile.am: check and use libnsl (used in
7643 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7645 * lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
7646 lib/accelerated/x86/coff/aesni-x86.s,
7647 lib/accelerated/x86/coff/aesni-x86_64.s,
7648 lib/accelerated/x86/coff/e_padlock-x86_64.s,
7649 lib/accelerated/x86/coff/ghash-x86_64.s,
7650 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
7651 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
7652 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
7653 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
7654 lib/accelerated/x86/elf/aes-ssse3-x86.s,
7655 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
7656 lib/accelerated/x86/elf/aesni-x86.s,
7657 lib/accelerated/x86/elf/aesni-x86_64.s,
7658 lib/accelerated/x86/elf/cpuid-x86.s,
7659 lib/accelerated/x86/elf/cpuid-x86_64.s,
7660 lib/accelerated/x86/elf/e_padlock-x86.s,
7661 lib/accelerated/x86/elf/e_padlock-x86_64.s,
7662 lib/accelerated/x86/elf/ghash-x86_64.s,
7663 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
7664 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
7665 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
7666 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
7667 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
7668 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
7669 lib/accelerated/x86/macosx/aesni-x86.s,
7670 lib/accelerated/x86/macosx/aesni-x86_64.s,
7671 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
7672 lib/accelerated/x86/macosx/ghash-x86_64.s,
7673 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
7674 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
7675 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
7676 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
7679 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7681 * devel/openssl: updated perl asm sources
7683 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7685 * cfg.mk: use the GNU-stack note in linux systems
7687 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7689 * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
7690 gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
7691 gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
7692 gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
7693 src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
7694 src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
7695 src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
7696 src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c:
7699 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7701 * tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
7702 validity of gnutls_x509_trust_list_get_issuer
7704 2014-10-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
7706 * lib/x509/verify-high.c: corrected bug in
7707 gnutls_x509_trust_list_get_issuer() when used without the
7708 GNUTLS_TL_GET_COPY flag
7710 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7712 * tests/slow/Makefile.am: tests: include minitasn1 when needed
7714 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7716 * src/danetool.c: use HAVE_DANE ifdef for unused functions
7718 2014-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7720 * lib/libgnutls.map: exported gnutls_fd_in_use
7722 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
7724 * doc/cha-gtls-app.texi: document gnutls_fd_in_use()
7726 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
7728 * lib/gnutls_state.c: gnutls_fd_in_use: mention version
7730 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
7732 * lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
7735 2014-10-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
7737 * lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
7738 lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
7739 check whether a file descriptor is in use
7741 2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7743 * lib/gnutls_state.h: added prototype to avoid compiler warning
7745 2014-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7747 * lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode
7749 2014-10-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
7751 * lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
7754 2014-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7756 * tests/dtls/dtls-stress.c: dtls-stress: reindented code
7758 2014-10-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
7760 * tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when
7763 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7765 * tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is
7768 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7770 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
7771 test that checks the fallback from TLS 1.6
7773 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7775 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
7776 lib/libgnutls.map: added _gnutls_hello_set_default_version() which
7777 allows to override the clienthello version
7779 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7781 * src/cli-args.def: gnutls-cli: prevent the combination of the -p
7782 and --list options As -p may be mistaken for --priority that would prevent wrong
7785 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7787 * lib/x509/verify-high2.c: avoid d from getting out of scope
7789 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7791 * src/udp-serv.c: gnutls-serv: avoid possible buffer overrun
7793 2014-10-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
7795 * lib/x509/privkey.c: avoid memory leak on
7796 gnutls_x509_privkey_generate() failure
7798 2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
7802 2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
7804 * src/cli-args.def, src/cli.c: gnutls-cli: added option
7807 2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
7809 * lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
7810 lib/libgnutls.map: added gnutls_priority_string_list(), a function
7811 to iterate all priority strings
7813 2014-10-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
7815 * lib/gnutls_priority.c: put all priority strings into a table
7817 2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7819 * doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal
7821 2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7825 2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7827 * lib/gnutls_priority.c: SSL 3.0 is no longer on the default
7830 2014-10-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
7832 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
7833 lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
7834 1024-bit DSA parameters when generating
7836 2014-10-14 Ludovic Courtès <ludo@gnu.org>
7838 * guile/src/core.c: guile: Remove trailing zero in
7839 'gnutls_server_name_set' call. In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
7840 'set-session-server-name!' would pass a trailing nul character on
7841 the wire after the server name, which would thus be rejected by
7844 2014-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7846 * src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.
7848 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7850 * lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA
7853 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7855 * lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
7856 lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
7857 changes to account for seed starting with null byte
7859 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7861 * lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
7864 2014-10-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
7866 * lib/nettle/rnd-common.c: simplified getrusage code; the failure
7867 check code wasn't needed
7869 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7871 * lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
7872 phi(n) for RSA key generation in FIPS-140-2 mode
7874 2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7876 * tests/x509-extensions.c: tests: added check for import failure of
7877 v1 certificate with extensions
7879 2014-10-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
7881 * lib/x509/x509.c: do not allow importing X.509 certificates with
7882 version < 3 and extensions present
7884 2014-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7886 * cfg.mk: update the guile manual along the C one
7888 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7890 * src/libopts/Makefile.am, src/libopts/ag-char-map.h,
7891 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
7892 src/libopts/autoopts.h, src/libopts/autoopts/options.h,
7893 src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
7894 src/libopts/genshell.c, src/libopts/genshell.h,
7895 src/libopts/intprops.h, src/libopts/m4/libopts.m4,
7896 src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
7897 src/libopts/option-value-type.h,
7898 src/libopts/option-xat-attribute.c,
7899 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
7900 src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
7901 src/libopts/version.c: updated to libopts 5.18.4
7903 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7905 * lib/nettle/rnd-common.c: place all rusage variables into
7906 HAVE_GETRUSAGE block
7908 2014-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7910 * lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
7913 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7915 * tests/test-chains.h: tests: removed last remnants of
7916 GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
7918 2014-10-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
7920 * tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
7923 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7925 * lib/ext/heartbeat.c: forbid heartbeat messages during a handshake
7927 2014-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7929 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
7930 added internal variable to track handshake status
7932 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7934 * src/ocsptool-common.c: ocsptool: avoid shadowing a global variable
7936 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7938 * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag
7939 GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
7941 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7943 * .gitignore: more files to ignore
7945 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7947 * tests/suite/pkcs11-is-known.c: tests: updated time in
7950 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7952 * lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
7955 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7957 * tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
7958 tests/test-chains.h: tests: allow running specific chainverify tests
7961 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7963 * lib/x509/common.c: _gnutls_check_valid_key_id: corrected
7964 activation/expiration check
7966 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7968 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
7969 simplified and optimized loop
7971 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7973 * doc/cha-crypto.texi: mention nettle as the recommended crypto
7976 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7978 * tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
7979 check to ensure that trust list combination with extra certificates
7982 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7984 * lib/x509/verify-high.c: when both a trust module and additional
7985 CAs are present account the latter as well That solves an issue in openconnect which used the system trust
7986 module, plus additional certificates.
7988 2014-10-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
7990 * lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
7991 handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
7994 2014-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
7998 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8002 2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8004 * src/common.c: tools: print the status of safe renegotiation and
8005 extended master secret
8007 2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8009 * tests/mini-x509.c, tests/resume.c: tests: check whether the
8010 extended master secret is negotiated by default
8012 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8014 * lib/ext/Makefile.am, lib/ext/ext_master_secret.c,
8015 lib/ext/ext_master_secret.h, lib/gnutls_constate.c,
8016 lib/gnutls_extensions.c, lib/gnutls_handshake.c,
8017 lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
8018 lib/gnutls_session_pack.c, lib/gnutls_state.c,
8019 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
8020 for the extended master secret calculation That is performed implicitly unless GNUTLS_NO_EXTENSIONS is
8021 specified. The implementation follows
8022 draft-ietf-tls-session-hash-02.
8024 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8026 * lib/nettle/pk.c: corrected assignment
8028 2014-10-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8030 * lib/libgnutls.map: corrected the name of exported function
8032 2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8036 2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8038 * tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check
8039 for gnutls_record_discard_queued()
8041 2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8043 * lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
8044 lib/libgnutls.map: Added gnutls_record_discard_queued() That function allows to discard queued data in DTLS.
8046 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8048 * tests/test-chains.h: tests: corrected test for v1 cert signing
8049 (removed bogus authorityIdentifier)
8051 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8053 * src/certtool.c: certtool: only set the authority key identifier,
8054 if there is a corresponding subject key identifier
8056 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8058 * lib/pkcs11.c: pkcs11: do not shortcut checks when
8059 GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
8061 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8063 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
8064 check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.
8066 2014-10-06 Armin Burgmeier <armin@arbur.net>
8068 * tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA
8069 iteration Signed-off-by: Armin Burgmeier <armin@arbur.net>
8071 2014-10-06 Armin Burgmeier <armin@arbur.net>
8073 * lib/x509/verify-high.c: Also iterate over the CA certificates in a
8074 PKCS11 token Signed-off-by: Armin Burgmeier <armin@arbur.net>
8076 2014-10-06 Armin Burgmeier <armin@arbur.net>
8078 * lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
8079 are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
8080 the old URL would be leaked. It is documented that only one URL can
8081 be used, so it should be safe to reject any attempt to add another
8082 one. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8084 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8086 * lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
8087 no CKA_ID can be relied on fallback on checking the
8088 SubjectKeyIdentifier Patch by David Woodhouse.
8090 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8092 * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
8093 verification functions
8095 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8097 * lib/includes/gnutls/gnutls.h.in: removed unused definition
8099 2014-10-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
8101 * lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
8102 verification functions
8104 2014-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8106 * tests/suite/pkcs11-is-known.c: tests: corrected check with
8107 gnutls_x509_trust_list_get_issuer
8109 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8111 * lib/x509/verify-high2.c: corrected remove_pkcs11_url()
8113 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8115 * lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()
8117 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8119 * tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
8120 check gnutls_pkcs11_crt_is_known() when multiple same DNs are
8123 2014-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8125 * lib/pkcs11.c: pkcs11: when checking for presence do not give up on
8128 2014-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8130 * lib/x509/verify-high2.c: doc update: clarifications in
8131 gnutls_x509_trust_list_add_trust_file
8133 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8135 * lib/x509/verify-high.c: corrected compilation for non-pkcs11;
8136 reported by David Woodhouse.
8138 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8142 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8144 * lib/gnutls_state.c: avoid calls in gnutls_init()
8146 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8148 * lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
8149 lib/gnutls_state.c: the handshake function has a timeout value by
8152 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8154 * lib/ext/session_ticket.c: use wait and retransmit when receiving
8157 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8159 * tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
8160 to dtls-stress That allows it to replay messages in a kind of arbitrary way.
8162 2014-10-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8164 * lib/gnutls_global.c: report the FIPS140-2 mode
8166 2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8168 * tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
8169 check for GNUTLS_TL_GET_COPY
8171 2014-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8173 * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
8174 lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
8175 flag and documented the limitations of
8176 gnutls_x509_trust_list_get_issuer()
8178 2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8180 * lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
8181 actual function prototypes
8183 2014-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8185 * NEWS: updated news entry
8187 2014-09-30 Ludovic Courtès <ludo@gnu.org>
8189 * doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex.
8191 2014-09-30 Ludovic Courtès <ludo@gnu.org>
8193 * NEWS: Add NEWS entry for Guile changes.
8195 2014-09-30 Ludovic Courtès <ludo@gnu.org>
8197 * doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings
8200 2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8202 * lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails,
8203 return GNUTLS_E_UNEXPECTED_PACKET That is more precise than the current
8204 GNUTLS_E_UNEXPECTED_PACKET_LENGTH
8206 2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8208 * lib/accelerated/x86/x86-common.c: use __hidden in solaris to
8209 provide the hidden visibility attribute
8211 2014-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8213 * lib/accelerated/x86/x86-common.h: no need to define
8216 2014-09-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8218 * lib/gnutls_cipher.c, lib/nettle/cipher.c: use
8219 MAX_CIPHER_BLOCK_SIZE more consistently
8221 2014-09-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8223 * lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
8224 GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
8226 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8228 * lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
8229 allow duplicate entries
8231 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8233 * src/danetool.c, src/tpmtool.c: more compiler warning fixes
8235 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8237 * configure.ac: configure: enabled more warnings
8239 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8241 * lib/ext/session_ticket.c, lib/gnutls_dtls.h,
8242 lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c,
8243 lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c,
8244 src/certtool.c, src/cli.c: fixed compilation warnings
8246 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8248 * lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
8251 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8253 * lib/x509/x509.c: corrected type
8255 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8257 * configure.ac: configure: don't bother with checks for padlock in
8260 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8262 * doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map,
8263 symbols.last: updated auto-generated files
8265 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8267 * Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run
8268 abi-compliance-checker prior to release
8270 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8272 * lib/libgnutls.map: indented symbols
8274 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8276 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
8277 protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
8278 infinite loop on handshake
8280 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8282 * lib/gnutls_errors.c: removed unused error values
8284 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8286 * lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h:
8287 restrict the number of non-fatal errors gnutls_handshake() can
8290 2014-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8292 * lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
8293 splitting the errors to two tables
8295 2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8299 2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8301 * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
8302 lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
8303 tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in
8306 2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8308 * configure.ac: enable gcc warnings by default
8310 2014-09-23 Armin Burgmeier <armin@arbur.net>
8312 * tests/openpgp-auth.c, tests/x509cert.c: Check the credentials
8313 getter functions as part of the unit tests
8315 2014-09-18 Armin Burgmeier <armin@arbur.net>
8317 * lib/includes/gnutls/x509.h, lib/libgnutls.map,
8318 lib/x509/verify-high.c: Add an interface to iterate the trusted CA
8319 certificates in a trust list. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8321 2014-09-18 Armin Burgmeier <armin@arbur.net>
8323 * lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
8324 lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys
8325 and certificates. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8327 2014-09-17 Armin Burgmeier <armin@arbur.net>
8329 * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
8330 lib/libgnutls.map: Add functions to obtain X.509 keys and
8331 certificates from certificate credentials. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8333 2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8335 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
8336 lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11
8338 2014-09-17 Armin Burgmeier <armin@arbur.net>
8340 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
8341 lib/libgnutls.map: Add functions to export X.509 and OpenPGP private
8342 keys from the abstract type. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8344 2014-09-17 Armin Burgmeier <armin@arbur.net>
8346 * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map:
8347 Add a function to obtain the trust list of a
8348 gnutls_certificate_credentials_t. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8350 2014-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8352 * lib/gnutls_pubkey.c: doc update
8354 2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8356 * .gitignore: more files to ignore
8358 2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8360 * NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed
8361 gnutls_pcert_get_type()
8363 2014-09-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8365 * configure.ac: only enable crywrap if libidn is present
8367 2014-09-22 Ludovic Courtès <ludo@gnu.org>
8369 * guile/src/core.c: guile: Restore cross-reference in
8370 'set-session-priorities!' docstring. This had been destroyed in 32d90395.
8372 2014-09-22 Ludovic Courtès <ludo@gnu.org>
8374 * guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
8375 guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
8376 bindings for 'gnutls_server_name_set'. This adds the 'set-session-server-name!' procedure and the
8377 'server-name-type' enum type.
8379 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8383 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8385 * tests/chainverify.c, tests/suite/certs/create-chain.sh,
8386 tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added
8387 checks for key purpose verification
8389 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8391 * lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
8392 lib/includes/gnutls/x509.h, lib/x509/common.h,
8393 lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
8394 Verify key purpose on intermediate certificate if
8395 GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified. That introduces the verification flag
8396 GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification
8397 result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
8398 verification test must be explicitly enabled is because it is only
8399 defined in CA Forum's Baseline requirements 1.1.9 but not any IETF
8402 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8404 * src/certtool-args.def: certtool: updated the extended key usage
8407 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8409 * lib/includes/gnutls/gnutls.h.in: added missing prototype
8411 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8415 2014-09-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
8417 * lib/abstract_int.h, lib/gnutls_privkey.c,
8418 lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced
8419 gnutls_privkey_import_ext3(). That function allows copying an external specified private key, as
8420 well as allow variability on the capabilities of an external key.
8422 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8424 * cross.mk: updated cross.mk
8426 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8430 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8432 * lib/x509/output.c: when printing a certificate request also print
8433 its signature algorithm
8435 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8437 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c:
8438 added gnutls_x509_crq_get_signature_algorithm()
8440 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8444 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8446 * lib/includes/gnutls/abstract.h: Added missing prototype
8448 2014-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8450 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
8451 lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy()
8453 2014-09-17 Armin Burgmeier <armin@arbur.net>
8455 * lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
8456 lib/libgnutls.map: Add gnutls_certificate_get_verify_flags. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8458 2014-09-17 Armin Burgmeier <armin@arbur.net>
8460 * lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
8461 lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP
8462 certificate from a gnutls_pcert_t. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8464 2014-09-18 Armin Burgmeier <armin@arbur.net>
8466 * lib/x509/verify-high.c: Memory leak fix on certificate copy
8467 failure. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8469 2014-09-17 Armin Burgmeier <armin@arbur.net>
8471 * lib/gnutls_ui.c: Fix a documentation typo. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8473 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8475 * cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk
8477 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8479 * libdane/dane.c: libdane: do not require the CA to be a direct CA
8481 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8483 * tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
8484 test suite to pass more of the PKCS #11 API under valgrind
8486 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8488 * src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
8491 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8493 * src/common.c: tools: corrected pin entry
8495 2014-09-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
8497 * lib/gnutls_x509.c: cleaned up memory deallocation in
8498 read_cert_url(). That caused unexpected results when loading PKCS #11 URLs. Reported
8501 2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8503 * doc/certtool.cfg: updated certtool.cfg
8505 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
8507 * tests/test-chains.h: tests: added checks with modified certificate. This tests whether a modification of a DER certificate, that is
8508 cancelled out while we parse it, would result in a good signature.
8510 2014-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8512 * configure.ac: require explicit disabling of PKCS #11 in configure
8514 2014-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8516 * devel/DCO/people-dco.txt: Added Armin's DCO
8518 2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
8520 * lib/x509/verify-high.c, lib/x509/verify.c: updated details on
8521 certificate verification
8523 2014-09-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
8525 * configure.ac: depend on p11-kit 0.20.7
8527 2014-09-16 Armin Burgmeier <armin@arbur.net>
8529 * lib/x509/verify.c, tests/test-chains.h: Check for all error
8530 conditions when verifying a certificate. This allows to check for all possible flaws with a certificate chain
8531 with a single call to gnutls_x509_crt_list_verify and friends. Signed-off-by: Armin Burgmeier <armin@arbur.net>
8533 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8535 * configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6
8537 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8539 * lib/x509/verify.c: removed unneeded set of status
8541 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8543 * lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11
8544 force the verification of the chain. That allows obtaining any additional flags from the chain such as
8545 insecure algorithms or expirations.
8547 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8549 * src/psk.c: psktool: corrected resource leak on failure
8551 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8553 * lib/gnutls_x509.c: added sanity check on cleanup
8555 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8557 * lib/verify-tofu.c: removed unused variable
8559 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8561 * src/certtool.c: certtool: corrected typo in printing error
8563 2014-09-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
8565 * lib/pkcs11.c: pkcs11: correctly reallocate the read buffer. Report and patch by David Woodhouse.
8567 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8569 * doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
8572 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8574 * lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c:
8575 unified the key purpose checks functions
8577 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8579 * lib/includes/gnutls/x509.h, lib/x509/common.h,
8580 lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
8581 same key in gnutls_x509_trust_list_add_cas. That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
8582 will overwrite any previous one with the same name and key.
8584 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8586 * lib/x509/verify-high.c: hostname and key purpose checks were moved
8589 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8591 * lib/x509/output.c, lib/x509/x509_ext.c: doc update
8593 2014-09-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
8595 * lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()
8597 2014-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8599 * tests/scripts/common.sh: tests: use the PID number in RPORT. The shell's RANDOM isn't that random.
8601 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
8603 * lib/minitasn1/decoding.c: updated libtasn1
8605 2014-09-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
8607 * doc/cha-gtls-app.texi: documented the environment variables
8609 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8611 * configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
8612 pkcs11x.h when it doesn't exist
8614 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8616 * tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
8617 check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls
8619 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8621 * tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL
8623 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8625 * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
8626 invalid status. Reported by Armin Burgmeier.
8628 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8630 * lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
8631 set the invalid status". This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.
8633 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8635 * lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
8636 invalid status. Reported by Armin Burgmeier.
8638 2014-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8640 * lib/gnutls_ui.c: doc update
8642 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
8644 * lib/pkcs11x.c: added missing file
8646 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
8648 * src/pkcs11.c: p11tool: print Attached Extensions, instead of
8651 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
8653 * lib/x509/verify-high.c: when adding a duplicate certificate, keep
8656 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
8658 * lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
8659 lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h,
8660 lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added
8661 gnutls_pkcs11_copy_attached_extension()
8663 2014-09-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
8665 * tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
8666 hardcode the chain number, use its name
8668 2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
8670 * lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert
8671 "corrected planned version number". This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.
8673 2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
8675 * lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
8676 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
8677 src/pkcs11.c: fixes in the extension handling
8679 2014-09-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
8681 * src/pkcs11.c: p11tool: will print trust module extensions if
8684 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
8686 * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
8687 check the key purpose of the CA certificate when in pkcs11 cert
8690 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
8692 * lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
8693 lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
8694 lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
8695 lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
8696 in a trust module using
8697 GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT
8699 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
8701 * lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
8702 lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
8703 and prefixed s/get_extension with _gnutls
8705 2014-09-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
8707 * lib/x509/verify-high.c: doc update
8709 2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
8711 * lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected
8712 planned version number
8714 2014-09-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
8716 * lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
8717 lib/includes/gnutls/x509.h, lib/libgnutls.map,
8718 lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is on par
8719 with gnutls_certificate_verify_peers. That is, it accepts a list of gnutls_typed_vdata_st and allows for
8722 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8724 * lib/x509/x509_ext.c: doc update
8726 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8728 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
8729 lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
8730 gnutls_x509_crq_get_extension_by_oid2()
8732 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8734 * lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
8735 lib/x509/verify-high.c: Added
8736 gnutls_x509_trust_list_verify_purpose_crt()
8738 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8740 * src/tpmtool.c: tpmtool: corrected key password read
8742 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8744 * src/danetool.c: set umask prior to calling mkstemp
8746 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8748 * lib/x509/verify-high.c: initialize verification output to zero
8750 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8752 * lib/gnutls_buffers.c: dtls: when discarding packet, discard the
8753 correct number of bytes
8755 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8757 * lib/x509/hostname-verify.c: check_ip: initialize ret
8759 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8761 * lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
8762 null to prevent any issue
8764 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8766 * lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
8769 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8771 * lib/nettle/rnd-fips.c: corrected issue in fips RNG
8773 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8775 * lib/nettle/pk.c: added comment to clarify check
8777 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8779 * lib/opencdk/literal.c: opencdk: corrected unsigned comparison
8781 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8783 * lib/tpm.c: fixes in loop for SRK password input
8785 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8787 * src/common.c: apps: corrected GNUTLS_PIN reading
8789 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8791 * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
8792 corrected CRL loading error
8794 2014-09-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
8796 * src/certtool-cfg.c: certtool: corrected copy+paste error
8798 2014-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8800 * tests/suite/suppressions.valgrind, tests/suppressions.valgrind:
8801 tests: simplify valgrind suppressions for libidn
8803 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
8805 * tests/dsa/testdsa, tests/openpgp-certs/testcerts,
8806 tests/scripts/common.sh, tests/suite/testcompat-main,
8807 tests/suite/testpkcs11, tests/suite/testsrn: use random ports in
8808 tests, unless a port is provided
8810 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
8812 * lib/x509/verify-high2.c: corrected usage of readdir_r()
8814 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
8816 * src/ocsptool-common.c: ocsptool: better error message
8818 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
8820 * lib/x509/verify-high2.c: reentrant fixes for
8821 gnutls_x509_trust_list_add_trust_dir() handle unknown file types
8823 2014-09-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
8825 * src/certtool-args.def: doc update
8827 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8829 * lib/x509/x509_dn.c: optimized escaped comma handling
8831 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8833 * m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later. That is because of the ocsp fix.
8835 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8837 * tests/crq_apis.c: tests: extended crq API checks
8839 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8841 * lib/x509/x509_write.c: doc update
8843 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8845 * lib/x509/x509_dn.c: when setting a DN properly handle spaces and
8848 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8850 * lib/x509/common.c: simplified _gnutls_x509_get_signed_data()
8852 2014-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8854 * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
8855 lib/x509/x509.c: The get_raw_dn() functions were modified to work
8856 even if the certificate is generated (not imported)
8858 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8860 * lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
8861 which have data. Reported by Manuel Pégourié-Gonnard.
8863 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8865 * tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the
8866 behavior of a DTLS server in a low-mtu scenario. http://permalink.gmane.org/gmane.network.gnutls.general/3582
8868 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8870 * configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
8873 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8875 * lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
8878 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8880 * lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
8883 2014-09-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
8885 * tests/ocsp.c: tests: Added tests on the invalid OCSP response
8887 2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
8889 * lib/fips.c: fips140: check the integrity of GMP
8891 2014-09-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
8893 * lib/x509/common.h, lib/x509/verify.c: when comparing an
8894 end-certificate with the trusted list compare the entire certificate
8896 2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8898 * tests/test-chains.h: tests: Added test for amazon.com chain with
8901 2014-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8903 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
8904 lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
8905 lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
8906 certificate with the trusted list compare the name and key. That is to handle cases where a CA certificate was superseded by a
8907 different one with the same name and the same key. That can happen
8908 when an intermediate CA certificate is replaced by a self-signed
8911 2014-09-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
8913 * lib/fips.c, lib/fips.h, lib/gnutls_global.c,
8914 lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
8915 rounds. One round is before the AES acceleration is registered, and the
8916 second is after. That is to allow testing of the AES implementation
8917 used in the DRBG. That is a hack until nettle handles all cipher
8920 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
8922 * lib/x509/name_constraints.c: name constraints: do not check CN
8923 when a DNSname is available
8925 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
8927 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h:
8928 drbg-aes: added checks in the error handling of the functions. That covers the instantiate and generation functions.
8930 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
8932 * lib/crypto-selftests.c: fips140: fail on encryption test failure
8934 2014-09-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
8936 * lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
8937 put the library into error state
8939 2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8941 * doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex:
8944 2014-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8946 * doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
8947 fixes in sectioning for p11tool and tpmtool invocation
8949 2014-08-29 Tristan Matthews <le.businessman@gmail.com>
8951 * lib/ext/alpn.c: alpn: fix version documentation. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
8953 2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8955 * src/pkcs11.c: p11tool: allow printing multiple types of tokens
8957 2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8959 * lib/x509/hostname-verify.c: remove text not applicable in that
8962 2014-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
8964 * lib/x509/hostname-verify.c: refer to rfc6125
8966 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8968 * lib/x509/privkey.c: additional sanity check in RSA key generation
8969 testing in FIPS-140-2 mode. The encrypted data are checked to differ from the plaintext, to
8970 prevent any issues with an accidental null encryption.
8972 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8974 * lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
8975 error state if key generation fails
8977 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8979 * lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
8980 allocations and keep a pointer to the DER data for DN
8982 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8984 * lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
8985 importing a CRL keep the DER data
8987 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8989 * lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
8990 lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
8991 importing a certificate, keep the DER data
8993 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8995 * lib/ext/session_ticket.c: doc update
8997 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
8999 * cfg.mk, configure.ac, devel/openssl,
9000 lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c:
9001 added configuration option --disable-padlock. That allows keeping hardware acceleration in x86 but without support
9004 2014-08-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
9006 * devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
9007 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
9008 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
9009 lib/accelerated/x86/elf/ghash-x86_64.s,
9010 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
9011 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
9012 lib/accelerated/x86/macosx/ghash-x86_64.s,
9013 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
9014 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated
9015 asm sources". This reverts commit 97895066e18abc5689ede9af1a463539ea783e90.
9017 2014-08-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9019 * src/pkcs11.c: p11tool: when listing tokens, list their type as
9022 2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9024 * lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s
9026 2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9028 * devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
9029 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
9030 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
9031 lib/accelerated/x86/elf/ghash-x86_64.s,
9032 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
9033 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
9034 lib/accelerated/x86/macosx/ghash-x86_64.s,
9035 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
9036 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
9039 2014-08-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
9041 * lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
9042 data in a single pass
9044 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9046 * tests/suite/suppressions.valgrind: tests: added more idna valgrind
9049 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9051 * lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
9052 objects at a time. That improves the performance significantly when reading from tokens
9053 with a significant number of objects. Reported by David Woodhouse.
9055 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9057 * lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
9058 object cannot be imported
9060 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9062 * lib/pkcs11.c: pkcs11: allow objects without label or without ID
9064 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9066 * tests/test-chains.h: tests: updated name constraints checks to not
9069 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9071 * tests/cert-tests/Makefile.am,
9072 tests/cert-tests/name-constraints-err.pem,
9073 tests/cert-tests/name-constraints-err.pem.out,
9074 tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints
9075 test based on the CN bypass". The bypass check was included in
9076 chainverify. This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a.
9078 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9080 * lib/x509/name_constraints.c, lib/x509/x509.c: doc update
9082 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9084 * lib/x509/verify.c: only check name constraints in non-CA
9087 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9089 * lib/x509/name_constraints.c: ignore constraints for different type
9092 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9094 * tests/cert-tests/Makefile.am,
9095 tests/cert-tests/name-constraints-err.pem,
9096 tests/cert-tests/name-constraints-err.pem.out,
9097 tests/cert-tests/verify-test: tests: Added a nameconstraints test
9098 based on the CN bypass. That was discussed in:
9099 http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660
9101 2014-08-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
9103 * lib/x509/name_constraints.c: when verifying name constraints
9104 enforce the single CN rule
9106 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9108 * cross.mk: cross.mk: compile gnutls without p11-kit by default
9110 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9112 * cross.mk: cross.mk: do not delete the pkgconfig directory
9114 2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9116 * devel/DCO/people-dco.txt: Added Alon's DCO link
9118 2014-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9120 * src/libopts/autoopts.h: check for stdnoreturn.h presence
9122 2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
9124 * tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
9125 support separate builddir. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
9127 2014-08-24 Alon Bar-Lev <alon.barlev@gmail.com>
9129 * lib/gnutls_privkey.c: build: condition pkcs11 block. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
9131 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9133 * lib/gnutls_record.c: record: tolerate a finished packet with
9136 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9138 * lib/gnutls_record.c: record: in DTLS discard only messages that
9139 cause unexpected packet errors
9141 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9143 * tests/suite/suppressions.valgrind: tests: suppress more libidn
9146 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9148 * src/danetool.c: danetool: ensure the temporary file is always
9151 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9153 * lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the
9154 server_name extension will convert input and output names to IDNA.
9156 2014-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9158 * src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to
9159 convert internationalized hostnames
9161 2014-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9163 * lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c,
9164 lib/x509/output.c: hostname-verify: use idn_free()
9166 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9168 * lib/gnutls_errors.c: doc update
9170 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9172 * lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
9173 parameter generation only when FIPS-mode is enabled.
9175 2014-08-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9177 * lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
9178 qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
9179 generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.
9181 2014-08-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
9183 * lib/system.c: use the windows API in windows even if iconv is
9186 2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9188 * cross.mk: win32: updated Makefile and added the ability build
9191 2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9193 * configure.ac: check for the correct version of libidn
9195 2014-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9197 * tests/hostname-check.c: tests: Added case sensitive checks in
9198 hostname verification
9200 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9202 * tests/suite/suppressions.valgrind: tests: copied valgrind
9203 suppressions to suite
9205 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9207 * lib/minitasn1/decoding.c: updated libtasn1
9209 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9211 * tests/suppressions.valgrind: tests: suppress valgrind warnings due
9214 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9218 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9220 * lib/x509/Makefile.am, lib/x509/gnutls-idna.h,
9221 lib/x509/hostname-verify.c, lib/x509/output.c:
9222 gnutls_x509_crt_print() will print the IDNA A-label names as well.
9224 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9226 * tests/hostname-check.c: tests: added UTF-8 hostname comparison
9229 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9231 * configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added
9232 support for RFC6125 hostname comparison That adds the dependency on libidn.
9234 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9236 * lib/x509/Makefile.am, lib/x509/hostname-verify.c,
9237 lib/x509/rfc2818_hostname.c: renamed rfc2818_hostname to
9238 hostname-verify The file no longer follows RFC2818.
9240 2014-08-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
9242 * lib/minitasn1/decoding.c: updated minitasn1
9244 2014-08-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
9246 * lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
9247 lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
9248 structures on re-import to avoid memory leaks. That also adds the gnutls_pkcs7_t structure into the list of allowed
9251 2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9253 * lib/verify-tofu.c: doc update
9255 2014-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9257 * lib/verify-tofu.c: doc update
9259 2014-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9261 * lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
9262 lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h:
9263 Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the
9264 previous import failed.
9266 2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9268 * src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
9269 command line option That option will report the status of the FIPS140-2 mode in the
9272 2014-08-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
9274 * lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
9275 used to force the FIPS-140-2 mode
9277 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9279 * src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs
9281 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9283 * lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
9284 single CN must be present for hostname verification. Follow up on the original commit that simplifies checking for more
9285 than a single hostname.
9287 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9289 * src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c:
9290 gnutls-cli/danetool: added a common check for hostname being an IP
9292 2014-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9294 * lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
9295 rfc6125 requirement that a single CN must be present for hostname
9298 2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9300 * tests/hostname-check.c: tests: check that
9301 gnutls_x509_crt_check_hostname() will correctly use the last CN when
9304 2014-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9306 * lib/x509/rfc2818_hostname.c: when checking the hostname of a
9307 certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
9308 Woodhouse. https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
9310 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9312 * src/benchmark-cipher.c: gnutls-cli: more organized printing of
9313 cipher benchmark output
9315 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9317 * src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
9320 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9322 * m4/hooks.m4: bumped current and age version to allow 3.3.x
9323 releases with new symbols
9325 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9327 * lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a
9328 block size of 64-bytes
9330 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9332 * lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map:
9333 mac_to_entry -> _gnutls_mac_to_entry
9335 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9337 * lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
9339 2014-08-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
9341 * lib/x509/pkcs12.c: pkcs12: added check for null OID in
9342 gnutls_pkcs12_generate_mac2
9344 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9348 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9350 * tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2()
9352 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9354 * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
9355 lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2() That allows a choice on the MAC algorithm to be used.
9357 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9361 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9363 * src/certtool.c: certtool: --p12-info will provide information on
9366 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9368 * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
9369 lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain
9370 information on the MAC
9372 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9374 * lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
9375 keys tests for new internal API
9377 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9379 * tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12:
9380 tests: test the decoding of a PKCS #12 structure with SHA256 MAC
9382 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9384 * lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
9385 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
9386 verification with structures that support other than HMAC-SHA1 MACs.
9388 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9390 * tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested
9393 2014-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9395 * lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()
9397 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9399 * tests/suite/testdane: testdane: re-enabled DANE checks and added
9402 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9404 * src/danetool.c: danetool: obtain certificate only once
9406 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9408 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
9409 modified prototype and doc to be recognized by doc parser
9411 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9415 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9417 * src/cli-debug-args.def, src/danetool-args.def, src/socket.c:
9418 danetool/gnutls-cli-debug: added support for imap starttls
9420 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9422 * src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
9423 supports SMTP starttls
9425 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9427 * src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h:
9428 danetool: supports SMTP starttls
9430 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9432 * src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
9433 improvements in information presentation
9435 2014-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9437 * libdane/dane.c: libdane: disable debugging mode
9439 2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9441 * lib/gnutls_handshake.c: updated documentation for
9444 2014-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9446 * src/Makefile.am, src/cli.c, src/danetool.c,
9447 src/ocsptool-common.c, src/socket.c, src/socket.h,
9448 tests/suite/testdane: danetool: if the certificate to verify against
9449 is not provided, try to obtain it
9451 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9455 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9457 * lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
9458 lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c,
9459 lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal
9460 implementation, use nettle's
9462 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9464 * lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
9465 crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.
9467 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9469 * lib/pkcs11_privkey.c: corrected typo
9471 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9473 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
9474 p11tool: added --info parameter That allows obtaining information on a specific object.
9476 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9478 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
9479 GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL. That
9480 is, this performs an object URL comparison, rather than a token URL
9483 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9485 * src/p11tool.c: p11tool: only print the debugging message in
9488 2014-08-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
9490 * lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
9491 GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
9493 2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9495 * doc/cha-intro-tls.texi: removed reference to UMAC
9497 2014-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9499 * doc/cha-intro-tls.texi: removed references to SALSA20
9501 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9503 * lib/pkcs11_privkey.c: doc update
9505 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9507 * tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid
9510 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9512 * lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.
9514 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9516 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
9517 src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
9518 gnutls_pkcs11_obj_flags_get_str
9520 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9522 * tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c:
9523 tests: ensure that no environment variables confuse softhsm
9525 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9527 * tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags
9530 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9532 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
9533 lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c:
9534 pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
9535 and gnutls_pkcs11_flags_get_str() allows printing them.
9537 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9539 * lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
9540 gnutls_pkcs11_obj_flags
9542 2014-08-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
9544 * tests/suite/testpkcs11: testpkcs11: exit if
9545 export_pubkey_of_privkey fails
9547 2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9551 2014-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9553 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
9554 p11tool: simplify the passing of flags and pass the key wrapping
9557 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9559 * README: README: removed gmplib 4.2.2 reference
9561 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9563 * src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
9566 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9568 * lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
9569 _gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
9571 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9573 * lib/pkcs11.c, lib/pkcs11_privkey.c: doc update
9575 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9577 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
9578 lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
9579 gnutls_pkcs11_privkey_get_pubkey; named
9580 gnutls_pkcs11_privkey_export_pubkey
9582 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9584 * lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
9585 GNUTLS_E_INVALID_REQUEST on invalid params
9587 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9589 * src/p11tool.c: p11tool: activate the --batch option
9591 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9593 * tests/suite/testpkcs11: testpkcs11: Test the export of public key
9595 2014-08-06 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9597 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
9598 add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9600 2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9602 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
9603 lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
9604 subsystem There are cases where we need to export the public key of private
9605 key at a later time. Previously, the public key was only available
9606 immediately after creation of a key pair. This patch allows to
9607 retrieve the public key of a private key at any time after creation. Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9609 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9611 * lib/pkcs11_privkey.c: documented flags format
9613 2014-08-04 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9615 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
9616 compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
9618 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9620 * src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
9621 CAMELLIA to the list of default ciphers
9623 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9625 * doc/cha-gtls-app.texi: doc update
9627 2014-08-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
9629 * doc/cha-gtls-app.texi: mention profile in security parameters
9632 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9634 * devel/DCO/people-dco.txt: Added people who have sent a DCO for
9637 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9641 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9643 * lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null
9646 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9648 * src/certtool.c: certtool: free unused variables
9650 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9652 * tests/pkcs8-decode/Makefile.am,
9653 tests/pkcs8-decode/suppressions.valgrind: added missing file
9655 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9657 * src/certtool.c: certtool: print more information on PKCS #12
9658 structures. Use gnutls_pkcs12_bag_enc_info to print more information on
9659 encrypted PKCS #12 structures.
9661 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9663 * lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
9664 lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
9665 lib/x509/x509_int.h: added new function to obtain information on a
9666 PKCS #12 encrypted bag New function: gnutls_pkcs12_bag_enc_info()
9668 2014-08-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
9670 * lib/x509/privkey_pkcs8.c: doc update
9672 2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9674 * src/certtool.c: certtool: default pkcs-cipher is now 3des as in
9677 2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9679 * lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c,
9680 src/certtool.c: gnutls_pkcs8_info: will return OID value even on
9681 unsupported structures
9683 2014-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9685 * lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
9688 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9690 * NEWS, src/certtool-args.def: doc update
9692 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9694 * lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize
9695 parameters on decryption
9697 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9699 * lib/x509/privkey_pkcs8.c: further increase iteration count
9701 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9703 * src/certtool.c, tests/pkcs8-decode/Makefile.am,
9704 tests/pkcs8-decode/openssl-3des.p8.txt,
9705 tests/pkcs8-decode/openssl-aes128.p8.txt,
9706 tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8:
9707 certtool: improved PKCS #8 information printing
9709 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9711 * tests/pkcs8-decode/Makefile.am,
9712 tests/pkcs8-decode/openssl-3des.p8,
9713 tests/pkcs8-decode/openssl-3des.p8.txt,
9714 tests/pkcs8-decode/openssl-aes128.p8,
9715 tests/pkcs8-decode/openssl-aes128.p8.txt,
9716 tests/pkcs8-decode/openssl-aes256.p8,
9717 tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8:
9718 tests: added more PKCS #8 decoding tests
9720 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9722 * lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and
9723 optimizations in PKCS #8 information
9725 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9729 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9731 * src/certtool-args.def, src/certtool.c: certtool: added --p8-info
9734 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9736 * lib/includes/gnutls/x509.h, lib/libgnutls.map,
9737 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions
9738 to obtain information on PKCS #8 structures. Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and
9739 gnutls_pkcs_schema_get_oid().
9741 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9743 * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
9744 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption
9745 support was made more compact and manageable
9747 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9749 * lib/x509/pkcs12.c: pkcs12: increased the number of iterations for
9752 2014-08-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
9754 * lib/atfork.c: removed debugging info
9756 2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
9758 * lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h,
9759 lib/x509/verify-high2.c: several windows compilation fixes
9761 2014-07-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
9763 * lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to
9764 export other than function symbols
9766 2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9768 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
9769 src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
9770 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
9771 src/libopts/autoopts.c, src/libopts/autoopts.h,
9772 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
9773 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
9774 src/libopts/check.c, src/libopts/compat/compat.h,
9775 src/libopts/compat/windows-config.h, src/libopts/configfile.c,
9776 src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
9777 src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
9778 src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
9779 src/libopts/load.c, src/libopts/m4/libopts.m4,
9780 src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
9781 src/libopts/nested.c, src/libopts/numeric.c,
9782 src/libopts/option-value-type.c, src/libopts/option-value-type.h,
9783 src/libopts/option-xat-attribute.c,
9784 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
9785 src/libopts/parse-duration.h, src/libopts/pgusage.c,
9786 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
9787 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
9788 src/libopts/stack.c, src/libopts/streqvcmp.c,
9789 src/libopts/text_mmap.c, src/libopts/time.c,
9790 src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
9791 updated to libopts 5.18.3
9793 2014-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9795 * build-aux/config.rpath, build-aux/gendocs.sh,
9796 doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
9797 gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
9798 gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
9799 src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
9800 src/gl/select.c, src/gl/xalloc.h: updated gnulib
9802 2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
9804 * lib/x509/pkcs12.c: updated documentation for
9805 gnutls_pkcs12_simple_parse
9807 2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
9809 * NEWS, configure.ac: master now holds the 3.4.0 release
9811 2014-07-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
9813 * configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h,
9814 lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
9815 lib/pkcs11.c: Use pthread_atfork() and variants to detect fork
9817 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9821 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9823 * lib/Makefile.am, lib/inet_pton.c, lib/system.h,
9824 lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
9825 inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
9828 2014-07-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
9830 * doc/cha-cert-auth.texi: Added text on PKCS #11 verification
9832 2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9834 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
9835 lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
9836 lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
9837 applications that use a header of gnutls. Report and patch Ryan
9840 2014-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9842 * Makefile.am, configure.ac, doc/Makefile.am: check for sed in
9843 configure.ac and use the output variable in Makefiles
9845 2014-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9847 * lib/gnutls_handshake.c: doc update
9849 2014-07-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
9851 * tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
9852 to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
9853 functionality is present.
9855 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9857 * libdane/dane.c: doc update
9859 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9861 * tests/Makefile.am: tests: added libdane/includes to includes dir
9863 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9865 * NEWS: released 3.3.6
9867 2014-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9869 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
9872 2014-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9874 * m4/hooks.m4: bumped library version
9876 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9878 * libdane/dane.c: libdane: simplified initialization of variables.
9880 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9882 * libdane/dane.c: libdane: bogus and secure values are always
9883 initialized in dane_query_to_raw_tlsa
9885 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9887 * tests/dane.c: tests: eliminated leak from dane check
9889 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9891 * libdane/dane.c: libdane: use gnutls_malloc() and doc update
9893 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9895 * tests/Makefile.am, tests/dane.c: Added self test for DANE raw
9898 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9900 * src/danetool-args.def, src/danetool.c: danetool: added option to
9901 print the raw entries.
9903 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9905 * libdane/dane.c: doc update
9907 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9909 * lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols
9911 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9913 * lib/accelerated/x86/aes-gcm-x86-pclmul.c,
9914 lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
9917 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9919 * lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
9920 _gnutls_prf_raw() which can calculate the TLS PRF without depending
9921 on a session structure.
9923 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9925 * lib/fips.c: fips140-2: do not check the libtasn1's integrity
9927 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9929 * lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
9930 allowed in TLS 1.0. That is because they implement the EncryptedPreMasterSecret encoding
9931 according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
9932 and there can be ambiguities when using that over SSL 3.0. See:
9933 http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
9935 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9937 * lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
9938 any action That allows a valid err_pos, even on a memory allocation error.
9939 Reported by Dan Fandrich.
9941 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9943 * doc/TODO: updated TODO
9945 2014-07-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
9947 * lib/algorithms/ciphersuites.c: minimum version was changed to TLS
9948 1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
9949 usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
9951 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9953 * lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
9954 returned on reinitialization
9956 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9958 * tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c:
9959 tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()
9961 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9963 * lib/gnutls_x509.c: doc update
9965 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9969 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9971 * lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
9972 lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()
9974 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9976 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
9977 lib/x509/verify-high2.c: Added
9978 gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
9979 with trusted certificates.
9981 2014-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9983 * configure.ac, lib/system.c: Allow specifying a directory as trust
9986 2014-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
9990 2014-07-10 Simon Arlott <sa.me.uk>
9992 * libdane/dane.c, libdane/includes/gnutls/dane.h,
9993 libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
9994 dane_raw_tlsa() to make it easy to copy the results of the
9995 (synchronous) lookup query from one process to another. This code allocates an unnecessary extra NULL entry for
9996 dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
9997 is 0 (it is possible for malloc/calloc to return NULL when requested
9998 to allocate 0 bytes). Signed-off-by: Simon Arlott
10000 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10002 * lib/fips.c: FIPS140-2 tests: no need for MD5 check
10004 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10006 * lib/fips.c: FIPS140-2 tests: removed redundant checks We keep one check per cipher which is required, and avoid multiple
10007 (and time-consuming) tests.
10009 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10011 * lib/accelerated/x86/x86-common.c: Allow specifying
10012 GNUTLS_CPUID_OVERRIDE in either hex or decimal.
10014 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10018 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10020 * lib/accelerated/x86/x86-common.c: Added option to disable any cpu
10023 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10025 * lib/accelerated/x86/x86-common.c,
10026 lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
10029 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10031 * lib/accelerated/x86/x86-common.c: Allow overriding the detected
10032 CPUID using the GNUTLS_CPUID_OVERRIDE environment variable
10034 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10036 * lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
10037 check for RSA encryption
10039 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10041 * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
10042 and DSA-3072 bit keys, as well as SHA256.
10044 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10046 * lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
10047 and RSA-3072 bit keys
10049 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10051 * lib/crypto-selftests-pk.c: tests: check RSA with SHA256
10053 2014-07-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
10055 * lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
10056 encrypted data differ from plaintext
10058 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10060 * lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
10061 size required by SP800-38D (section 8.2)
10063 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10067 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10069 * src/certtool-args.def, src/certtool-common.c,
10070 src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
10071 src/p11tool.c: p11tool/certtool: Added --curve parameter. The curve parameter allows to explicitly specify the curve to use
10072 when generating a key.
10074 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10078 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10080 * lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
10081 lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
10082 CKA_EC_PARAMS when generating an ECDSA key
10084 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10086 * src/pkcs11.c: p11tool: only print warning about key sizes in RSA
10089 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10091 * src/pkcs11.c: p11tool: make brief output more brief
10093 2014-07-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
10095 * lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
10098 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10100 * libdane/dane.c: dane: Skip DANE entries that may contain unknown
10101 info. That would allow skipping any future entries without failing.
10102 Reported by Simon Arlott.
10104 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10106 * libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw(). That allows calling the function with an empty chain. Reported by
10109 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10111 * doc/examples/ex-cert-select-pkcs11.c,
10112 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
10113 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
10114 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
10115 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
10116 doc/examples/ex-serv-x509.c: examples: mention that
10117 gnutls_global_init() is optional
10119 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10121 * doc/cha-tokens.texi: doc: mention and link to trust storage module
10123 2014-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10125 * doc/cha-bib.texi, doc/cha-tokens.texi: doc update
10127 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10131 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10133 * lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
10134 a sanity check for valid keys. There can be keys where the id or label is empty and thus with zero
10137 2014-07-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10139 * lib/pkcs11.c: Increased number of attributes
10141 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10145 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10147 * lib/pkcs11_privkey.c: try to restart on session errors, to avoid
10148 having a failed call.
10150 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10152 * lib/pkcs11.c: corrected pkcs11 reinitialization
10154 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10156 * lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
10157 invalidate the cached session.
10159 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10161 * lib/pkcs11.c: set the maximum value when printing
10162 library_description
10164 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10166 * lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
10167 #11 privkey cached session
10169 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10173 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10175 * src/pkcs11.c: p11tool: don't outsmart user and override login type. Unfortunately tokens vary on their requirements for writing trusted
10176 and private objects, and there is no one-size fits all policy. Thus
10177 allow a proper failure and warn the user that so-login may be
10180 2014-07-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10182 * tests/suite/testpkcs11: testpkcs11: Try to write the trusted
10183 object both by so-pin and normal pin
10185 2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10187 * tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
10188 deleted after generation
10190 2014-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10192 * configure.ac, m4/hooks.m4: bumped version
10194 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10196 * tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm
10198 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10202 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10204 * src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
10205 GNUTLS_SO_PIN when setting the PINs of an initialized token.
10207 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10209 * tests/slow/gendh.c: tests: gendh: increased the DH prime size to
10210 allow usage under FIPS140-2 mode
10212 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10214 * src/common.c: tools: when in batch mode and no PIN, print a note
10215 about using the environment variables
10217 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10219 * tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
10220 size and changed hash to SHA256. That allows the test to operate under the FIPS140-2 mode.
10222 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10224 * tests/crq_key_id.c: tests: improved error reporting in crq_key_id
10226 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10228 * doc/cha-upgrade.texi: doc: properly terminate table
10230 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10232 * lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
10233 from the acceptable bit sizes in FIPS140-2 DSA parameter generation.
10235 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10239 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10243 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10245 * src/certtool.c, src/common.c, src/common.h, src/danetool.c,
10246 src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
10247 mode and will not ask for PIN.
10249 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10251 * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
10252 src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
10253 specified. Added --batch parameter to disable interaction.
10255 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10257 * src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
10258 only a single token available, don't bother complaining about
10259 specifying the correct URL
10261 2014-07-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10263 * lib/nettle/int/drbg-aes.h: updated comment
10265 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10269 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10271 * src/certtool-args.def: certtool: document that URLs are supported
10273 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10275 * src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable
10277 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10279 * tests/suite/Makefile.am, tests/suite/testpkcs11,
10280 tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
10281 tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite
10283 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10285 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
10286 gnutls_pkcs11_privkey_generate2(): corrected public key extraction
10289 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10291 * src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
10292 security officer's PIN
10294 2014-07-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
10296 * src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
10297 src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin. These allow for a non-interactive --initialize process.
10299 2014-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10301 * lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
10302 and IPv6 address matching.
10304 2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10306 * tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE
10308 2014-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10310 * doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
10313 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10315 * lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
10316 doesn't fit into our buffer.
10318 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10320 * lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
10321 as a hostname. There are several misconfigured servers that placed their IP as a
10322 DNS name. Pointed out by David Woodhouse.
10324 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10326 * lib/x509/output.c: suppress warnings
10328 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10332 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10334 * configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
10335 instead for AF_INET6
10337 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10339 * configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
10340 addresses. The old dumb code is used in systems that don't have that function.
10342 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10344 * tests/hostname-check.c: tests: Added test cases for IPv4/6
10347 2014-06-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10349 * lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
10350 checks text ip addresses as well. That aligns the documentation with the implementation. Reported by
10353 2014-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10355 * lib/gnutls_str.c: initialize str to NULL
10357 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10359 * lib/x509/crl.c: fixed documentation
10361 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10363 * tests/cert-tests/aki, tests/cert-tests/pathlen,
10364 tests/cert-tests/pem-decoding, tests/suite/crl-test,
10365 tests/suite/invalid-cert, tests/suite/testcompat-main,
10366 tests/suite/testrandom: tests: better replacement of LIBTOOL
10367 variable in scripts
10369 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10371 * tests/Makefile.am: tests: ship certs/
10373 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10375 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
10378 2014-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10380 * NEWS, configure.ac, m4/hooks.m4: bumped version
10382 2014-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10384 * src/serv-args.def, src/serv.c: gnutls-serv: removed the
10385 --print-cert option; the cert was anyway being printed.
10387 2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10389 * doc/TODO: doc update
10391 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10393 * src/p11tool-args.def: corrected typo
10395 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10397 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
10398 lib/minitasn1/element.c, lib/minitasn1/element.h,
10399 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
10400 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
10401 lib/minitasn1/structure.c: minitasn1: updated to version 4.0
10403 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10405 * src/p11tool-args.def: p11tool: updated documentation
10407 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10409 * src/pkcs11.c: p11tool: Warn when no --outfile has been specified
10412 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10416 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10418 * tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
10419 structure generation and decoding.
10421 2014-06-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10423 * src/certtool-args.def, src/certtool-common.c,
10424 src/certtool-common.h, src/certtool.c: certtool: allow specifying
10425 the friendly name on the command line and use the
10426 load-ca-certificate
10428 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10430 * src/pkcs11.c: p11tool: warn in more operations if --login is not
10433 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10435 * src/pkcs11.c: p11tool: No longer assume a default URL for
10438 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10440 * src/common.c: p11tool: Do not allow a newline as PIN.
10442 2014-06-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
10444 * lib/pkcs11.c: pkcs11: avoid calling _gnutls_bin2hex() when length
10447 2014-06-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
10449 * THANKS: updated thanks file
10451 2014-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10453 * README: clarified license text
10455 2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
10457 * src/cli.c: gnutls-cli: Do not try to load the system CA trust if
10458 --insecure is specified.
10460 2014-06-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
10462 * lib/gnutls_srp.c: doc: more consistent use of pointer star.
10464 2014-06-16 Attila Molnar <attilamolnar@hush.com>
10466 * lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
10467 for the SRP server callback. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
10469 2014-06-16 Attila Molnar <attilamolnar@hush.com>
10471 * doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
10472 Correct comment about ignoring certs in the SRP server example. Point readers to another example for a way to validate certificates
10473 in both the SRP and the X.509 server example. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
10475 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10477 * NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
10478 lib/gnutls_record.c, lib/gnutls_record.h,
10479 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
10480 src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
10481 introduced to avoid exporting a structure on the API. That change will allow exporting more info associated with a packet
10484 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10486 * lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
10487 the same on resumed sessions.
10489 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10493 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10495 * tests/suite/pkcs11-chainverify.c: Test the return code of
10496 gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
10497 token. Check whether the return code of
10498 gnutls_x509_trust_list_add_trust_file() is non-zero when
10499 certificates are present.
10501 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10503 * lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
10504 returns the number of certificates present when loading a PKCS #11
10507 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10509 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
10510 p11tool: Allow marking a certificate as a CA.
10512 2014-06-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
10514 * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
10515 GNUTLS_PKCS11_OBJ_FLAG_MARK_CA. That flag allows to mark a certificate in the token as a CA
10518 2014-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10520 * doc/README.CODING_STYLE: coding style: update the DCO text
10522 2014-06-15 Attila Molnar <attilamolnar@hush.com>
10524 * lib/gnutls_state.c: doc: Corrections for
10525 gnutls_handshake_set_hook_function()
10527 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
10529 * doc/cha-intro-tls.texi: doc: updated text for the ALPN
10530 experimental protocols
10532 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
10534 * doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
10535 are duplicated in the section index.
10537 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
10541 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
10543 * tests/Makefile.am, tests/eagain-common.h,
10544 tests/mini-x509-callbacks-intr.c: tests: Added check for the
10545 interrupted post client hello.
10547 2014-06-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
10549 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
10550 lib/gnutls_v2_compat.c: handshake: Allow the post client hello
10551 callback to put the handshake on hold. That is, when the callback returns GNUTLS_E_AGAIN or
10552 GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
10553 and can be resumed when needed.
10555 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10557 * src/benchmark-tls.c: use the new API for receiving data
10559 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10561 * tests/anonself.c: Adapted test to check
10562 gnutls_record_recv_packet().
10564 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10568 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10570 * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
10571 lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
10572 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
10573 gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions allow for a faster variant of gnutls_record_recv(),
10574 i.e., a variant that eliminates the data memcpy().
10576 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10578 * src/tests.c: gnutls-cli-debug: Use proper HTTP request
10580 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10584 2014-06-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
10586 * lib/x509/common.c: When decoding of a DN string fails, treat it as
10587 unknown string and print its hex value.
10589 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10591 * tests/suite/testpkcs11: Print errors but avoid being verbose on
10594 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10596 * src/certtool-common.c: certtool: avoid sizeof() on lbuffer
10598 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10600 * src/certtool-common.c: certtool: ensure that allocated buffer has
10601 a minimum size of 64kb.
10603 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10605 * src/certtool-args.def, src/certtool.c: certtool: Added option
10608 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10610 * lib/x509/x509.c: initialize iterator.
10612 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10614 * lib/x509/crl.c: corrected the allocation size for CRL iterator.
10616 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10618 * tests/suite/Makefile.am, tests/suite/crl-test,
10619 tests/suite/crl/long.pem: Added test for CRL decoding.
10621 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10623 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
10624 lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
10625 lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
10626 thread-safe by making the iterator explicit.
10628 2014-06-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
10630 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
10631 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
10632 tests/suite/Makefile.am, tests/suite/invalid-cert,
10633 tests/suite/testcompat-main, tests/suite/testrandom: Pass the
10634 LIBTOOL variable into test scripts. That allows using the detected libtool in scripts. That corrects an
10635 issue on OS X systems that ship a different libtool. Reported by
10638 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10640 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
10641 lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
10642 gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.
10644 2014-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10646 * lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally
10648 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10652 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10654 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
10655 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
10656 gnutls_x509_crl_get_crt_serial2(), a faster variant of
10657 gnutls_x509_crl_get_crt_serial(). The new function caches pointers to allow working faster in CRL
10658 structures with lots of entries (e.g., 50000+ entries).
10660 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10662 * src/certtool-common.c, src/certtool-common.h, src/certtool.c,
10663 src/danetool.c: certtool: When an external file is used increase our
10664 maximum buffer accordingly.
10666 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10668 * lib/x509/output.c: Abort printing on error.
10670 2014-06-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
10672 * lib/gnutls_ui.c: tie the weak DH warning to the very weak security
10675 2014-06-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
10677 * m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values. That should resolve issue #108592 at
10678 http://savannah.gnu.org/support/?108592
10680 2014-06-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
10682 * lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
10683 SSLv2 hello length.
10685 2014-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10687 * NEWS, configure.ac, m4/hooks.m4: bumped version
10689 2014-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10693 2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
10695 * .gitignore: more files to ignore
10697 2014-05-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
10699 * devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
10700 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
10701 lib/accelerated/x86/coff/aesni-x86.s,
10702 lib/accelerated/x86/coff/aesni-x86_64.s,
10703 lib/accelerated/x86/coff/e_padlock-x86.s,
10704 lib/accelerated/x86/coff/e_padlock-x86_64.s,
10705 lib/accelerated/x86/coff/ghash-x86_64.s,
10706 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
10707 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
10708 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
10709 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
10710 lib/accelerated/x86/elf/aes-ssse3-x86.s,
10711 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
10712 lib/accelerated/x86/elf/aesni-x86.s,
10713 lib/accelerated/x86/elf/aesni-x86_64.s,
10714 lib/accelerated/x86/elf/e_padlock-x86.s,
10715 lib/accelerated/x86/elf/e_padlock-x86_64.s,
10716 lib/accelerated/x86/elf/ghash-x86_64.s,
10717 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
10718 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
10719 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
10720 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
10721 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
10722 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
10723 lib/accelerated/x86/macosx/aesni-x86.s,
10724 lib/accelerated/x86/macosx/aesni-x86_64.s,
10725 lib/accelerated/x86/macosx/e_padlock-x86.s,
10726 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
10727 lib/accelerated/x86/macosx/ghash-x86_64.s,
10728 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
10729 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
10730 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
10731 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
10734 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10738 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10740 * cross.mk: updated windows makefile
10742 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10744 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
10745 files for gnutls_credentials_get()
10747 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10749 * configure.ac, m4/hooks.m4: bumped version
10751 2014-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10753 * tests/Makefile.am, tests/long-session-id.c: Added test for memory
10754 corruption issue in server hello. Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.
10756 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10758 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
10759 lib/minitasn1/element.c, lib/minitasn1/gstr.h,
10760 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
10761 lib/minitasn1/parser_aux.h: updated libtasn1
10763 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10765 * lib/x509/common.c: avoid cleanup when there are no allocations in
10766 _gnutls_x509_der_encode().
10768 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10770 * lib/gnutls_ecc.c: cleanup resources on
10771 _gnutls_ecc_ansi_x963_export() failure.
10773 2014-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10775 * src/serv-args.def, src/serv.c: Added the --print-cert option to
10778 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10780 * src/certtool-extras.c: certtool: correct size calculation when
10783 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10785 * lib/opencdk/armor.c: re-indented messy table.
10787 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10789 * lib/opencdk/armor.c: Removed unused function.
10791 2014-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10793 * m4/hooks.m4: document the symbol version bump needed in a .so
10796 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10798 * lib/gnutls_handshake.c: Prevent memory corruption due to server
10799 hello parsing. Issue discovered by Joonas Kuorilehto of Codenomicon.
10801 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10803 * lib/gnutls_handshake.c: only try to copy session ID if there is a
10806 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
10810 2014-05-29 Kurt Roeckx <kurt@roeckx.be>
10812 * lib/x509/x509_ext.c: Fix capitalisation of ia5String. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
10814 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
10816 * lib/pkcs11.c: increased the maximum certificate size buffer in the
10817 PKCS #11 subsystem.
10819 2014-05-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
10821 * lib/system.c: re-enabled config path discovery code, and check the
10822 return code of getpwuid_r(). Reported by Viktor Dukhovni.
10824 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10828 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10830 * src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
10831 src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more. It could not be emulated with the new library.
10833 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10835 * lib/accelerated/accelerated.c: removed old check for nettle
10837 2014-05-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
10839 * lib/safe-memset.c: safe_memset: allow memset of zero bytes.
10841 2014-05-27 Hani Benhabiles <kroosec@gmail.com>
10843 * lib/x509/verify-high.c: Fix unused variable warning without
10844 PKCS#11 support. Signed-off-by: Hani Benhabiles <hani@linux.com>
10846 2014-05-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
10848 * src/ocsptool-common.c: ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582),
10849 reported by Matt McCutchen.
10851 2014-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10853 * lib/algorithms/protocols.c, lib/gnutls_handshake.c:
10854 _gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
10855 instead of negative.
10857 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
10859 * src/certtool-cfg.c: Allow wildcard comparison of options.
10861 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
10865 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
10869 2014-05-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
10871 * src/certtool-cfg.c: certtool: Warn when invalid configuration
10872 options are set into a template.
10874 2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10876 * lib/x509/common.c: Do not allow null strings to be read from ASN.1
10877 structures. This corrects a null pointer dereference when parsing some specially
10878 crafted certificates. Issue discovered using the Codenomicon TLS
10881 2014-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10883 * lib/x509/common.c: removed redundant null termination
10885 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10887 * lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
10888 prefix from static functions.
10890 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10892 * lib/gnutls_handshake.c: Do not call the user_hello_func multiple
10893 times when performing ticket resumption.
10895 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10897 * doc/TODO: doc update
10899 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10901 * lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
10902 zero if data is NULL and memory buffer size is not sufficient.
10904 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10906 * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
10907 When assigning the TLS version, double check that it is valid.
10909 2014-05-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
10911 * lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
10912 there is a valid negotiated version. Issue discovered by Joonas Kuorilehto of Codenomicon.
10914 2014-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10916 * src/certtool-cfg.c: Added aliases for unit and organization.
10918 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10920 * lib/x509/common.c: use a signed value for bits.
10922 2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
10926 2014-05-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
10928 * src/certtool-cfg.c: certtool: allow multiple organizations and
10929 organizational unit names to be specified in a template.
10931 2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
10933 * lib/gnutls_priority.c: increased the number of allowed elements in
10936 2014-05-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
10938 * lib/gnutls_priority.c: simplify break_comma_list().
10940 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10942 * lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
10943 internal _gnutls_x509_get_signature(). That prevents unnecessary replication of its code.
10945 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10947 * lib/x509/common.c, lib/x509/x509.c: more sanity checks on
10950 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10952 * src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def:
10953 tools: Replace normal sec-param with medium in documentation.
10955 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10957 * doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
10958 print the bug reports line from autogen.
10960 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10964 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10966 * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
10967 lib/safe-memset.c: do not yet export gnutls_memset().
10969 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10971 * .gitignore: more files to ignore
10973 2014-05-15 Michał Górny <mgorny@gentoo.org>
10975 * tests/slow/Makefile.am: tests/slow: add -I flags necessary for
10976 out-of-source builds. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10978 2014-05-15 Michał Górny <mgorny@gentoo.org>
10980 * tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
10981 out-of-source builds. The set_pkcs12_cred used to default to looking for input files in a
10982 subdirectory of the current working directory. When an out-of-source
10983 build is performed, the files reside in a subdirectory of source
10984 directory instead. Set PKCS12PATH to that directory in order to fix
10985 the build. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
10987 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10989 * tests/dsa/testdsa: changed port of DSA test
10991 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10993 * lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
10994 correct signature size rather than the max.
10996 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
10998 * lib/openpgp/output.c: Print the openpgp DN only when
10999 gnutls_openpgp_crt_get_name() failed appropriately.
11001 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11003 * lib/x509/x509_ext.c: initialize string in
11004 gnutls_x509_ext_import_basic_constraints().
11006 2014-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11008 * lib/x509/x509.c: corrected error checking in
11009 gnutls_x509_crt_get_extension_data()
11011 2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11013 * lib/gnutls_ui.c: Allow null list_size argument in
11014 gnutls_certificate_get_peers()
11016 2014-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11018 * src/serv.c: certificate verification is performed asynchronously.
11020 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11024 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11026 * src/danetool-args.def: enhanced the danetool usage instructions.
11028 2014-05-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11030 * src/certtool-args.def: Do not use autogen's file option for input
11031 parameters. Instead use a string. We check the file for validity and autogen's
11032 check was imposing rules such as normal file (as opposed to a
11033 device), that were not needed.
11035 2014-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11037 * src/certtool-common.c: certtool: check for null prior to checking
11040 2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11042 * lib/auth/ecdhe.c: cleanup in the initialization of ECDH
11045 2014-05-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
11047 * lib/nettle/pk.c: Eliminated memory leak on failed curve
11048 assignment. The memory leak was uncovered by the Codenomicon TLS suite.
11050 2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11052 * src/cli.c: gnutls-cli: if dane verification is used but not PKIX
11053 only check the end certificate.
11055 2014-05-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
11057 * libdane/dane.c: doc update
11059 2014-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11061 * doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
11062 gnutls_set_default_priority() in examples.
11064 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11068 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11070 * libdane/dane.c, libdane/includes/gnutls/dane.h,
11071 libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
11072 allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.
11074 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11076 * libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
11077 prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.
11079 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11081 * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
11082 prototypes for dane_verify_crt_raw2().
11084 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11086 * NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
11087 lib/safe-memset.c: export gnutls_memset().
11089 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11093 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11095 * libdane/dane.c, libdane/includes/gnutls/dane.h,
11096 libdane/libdane.map: Added dane_verify_crt_raw2() which allows
11097 verifying against the certificate name.
11099 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11101 * libdane/dane.c: Improved dane_verify_session_crt(), which now
11102 attempts to create a full chain. This addresses points from
11103 https://savannah.gnu.org/support/index.php?108552
11105 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11107 * lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
11108 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
11109 lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
11110 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
11111 lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
11112 lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
11113 lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
11114 lib/gnutls_x509.c: removed legacy code.
11116 2014-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11118 * lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
11119 lib/libgnutls.map: Added gnutls_credentials_get().
11121 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11123 * src/serv-args.def, src/serv.c: Added gnutls-serv option
11124 --verify-client-cert. That option allows forcing verification of the provided certificate
11125 even if it is not required to present one. In that case the
11126 connection will be closed with a fatal alert.
11128 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11130 * lib/ext/status_request.c: Addressed memory leak in status request
11131 extension handling during rehandshake. The memory leak was uncovered by the Codenomicon TLS suite.
11133 2014-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11135 * lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
11136 DHE and ECDHE rehandshakes. The memory leak was uncovered by the Codenomicon TLS suite.
11138 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11140 * cross.mk: updated cross compilation Makefile.
11142 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11144 * lib/ext/safe_renegotiation.c: Avoid memory leak in safe
11145 renegotiation extension handling. The memory leak was uncovered by the Codenomicon TLS suite.
11147 2014-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11149 * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
11150 Small cleanups in packet receive as well as a memory leak error. The memory leak was uncovered by the Codenomicon TLS suite.
11152 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11154 * doc/cha-gtls-app.texi: doc update
11156 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11160 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11162 * doc/cha-gtls-app.texi: updated documentation on library
11163 initialization to reflect the changes in 3.3.0.
11165 2014-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11167 * lib/locks.c: re-enabled gnutls_global_set_mutex().
11169 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11171 * src/Makefile.am: Do not run autogen twice to generate the header
11174 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11176 * tests/cert-tests/Makefile.am: Ship suppressions.valgrind
11178 2014-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11180 * NEWS, configure.ac, m4/hooks.m4: bumped version
11182 2014-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11184 * lib/auth/cert.c, lib/gnutls_int.h: Ensure that there are no
11185 remainders in the TLS handshake packets. The issue was discovered using the Codenomicon TLS suite.
11187 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11189 * lib/ext/srp.c: Account the length byte in SRP extension. Issue identified using valgrind and the Codenomicon TLS test suite.
11191 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11195 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
11197 * src/cli.c: Do not set "NORMAL" as default priority string. That is, allow the library to select the appropriate default.
11199 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
11201 * doc/cha-gtls-app.texi: fixed typo
11203 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
11205 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
11206 lib/includes/gnutls/x509.h, lib/priority_options.gperf,
11207 lib/x509/verify.c: Added the 'very weak' certificate verification
11208 profile. This profile corresponds to a 64-bit security level (e.g., RSA
11209 parameters of 768 bits).
11211 2014-05-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
11213 * doc/cha-gtls-app.texi: doc update
11215 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11217 * doc/credentials/x509/cert-ecc.pem,
11218 doc/credentials/x509/clicert-ecdsa.pem,
11219 doc/credentials/x509/clikey-ecdsa.pem,
11220 doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
11223 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11225 * src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
11226 generate 256-bit keys by default. Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
11227 not widely supported.
11229 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11231 * doc/credentials/x509/clicert-ecdsa.pem,
11232 doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.
11234 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11236 * lib/minitasn1/decoding.c: Corrected an off-by-one error. The issue was discovered using the Codenomicon TLS suite.
11238 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11242 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11244 * lib/ext/srp.c: initialize to null the SRP extension data on
11245 allocation. Issue identified using valgrind and the Codenomicon TLS test suite.
11247 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11249 * tests/suite/testrng: Modified the testrng for Debian's dieharder.
11251 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11253 * lib/algorithms/sign.c: Better check for null signature method. Issue identified using valgrind and the Codenomicon TLS test suite.
11255 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11257 * lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c:
11258 More precise packet length checking. Issue discovered using valgrind and the Codenomicon TLS test suite.
11260 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11262 * lib/auth/psk_passwd.c: Eliminated password file descriptor leak. Issue discovered using Codenomicon TLS test suite.
11264 2014-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11266 * src/serv.c: Added a timeout to close inactive sessions.
11268 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11270 * doc/cha-gtls-app.texi: doc update
11272 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11274 * doc/cha-gtls-app.texi: doc update
11276 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11278 * src/serv.c: Send the appropriate alert when a certificate is
11279 required but not present.
11281 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11283 * lib/gnutls_global.c: use __sun definition to detect solaris.
11285 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11287 * src/serv.c: Cleaned up server process. This eliminates an infinite loop triggered by unexpected client
11290 2014-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11292 * lib/gnutls_global.c: Added support for constructors and
11293 destructors in solaris CC.
11295 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11297 * tests/suite/testrng: Updated dieharder tests.
11299 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11301 * README-alpha: doc update
11303 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11305 * tests/slow/cipher-test.c: include header for self-test functions
11307 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11309 * tests/suite/testrng: Allow testrng test to run with older versions
11312 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11314 * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
11315 casting to mpz_t using __mpz_struct and cleaned up mpz_t access.
11317 2014-05-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
11319 * lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
11320 casting to mpz_t using __mpz_struct.
11322 2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11324 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
11325 lib/minitasn1/element.c, lib/minitasn1/element.h,
11326 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
11327 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
11328 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
11329 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
11330 lib/minitasn1/version.c: updated included libtasn1.
11332 2014-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11334 * src/certtool-cfg.c: Do not return from void functions. Reported by
11337 2014-04-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
11339 * lib/gnutls_global.c: removed return from void function.
11341 2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11343 * tests/suite/rng.c, tests/suite/testrng: updated prng test
11345 2014-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11347 * .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
11348 tests/suite/testrng: Test the random generators in gnutls using the
11351 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11353 * tests/suite/pkcs11-get-issuer.c: use different db file for
11356 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11360 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11362 * lib/x509/verify-high.c: doc update
11364 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11366 * tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
11367 test to verify whether gnutls_x509_trust_list_get_issuer() operates
11368 correctly under PKCS #11 trust list.
11370 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11372 * lib/includes/gnutls/x509.h, lib/x509/verify-high.c:
11373 gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
11376 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11378 * lib/pkcs11_write.c: initialize the size value
11380 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11382 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c:
11383 Include the correct header for the self tests functions
11385 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11389 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11391 * lib/ext/safe_renegotiation.c: removed redundant code. Reported by
11394 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11396 * libdane/dane.c: increased MAX_DATA_ENTRIES to 100.
11398 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11400 * libdane/dane.c: rearranged code
11402 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11404 * src/cli.c: only fail DANE verification if status is non-zero
11406 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11408 * libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
11409 certificate using DANE if there is at least one entry that matches
11410 the certificate. This corrects the previous behavior that was rejecting the
11411 certificate if there were multiple entries and one couldn't be
11412 validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
11413 DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
11415 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11419 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11421 * lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
11422 if the call to gnutls_global_init() failed.
11424 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11426 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
11427 initialization of random generator. Reported by Martin Kletzander.
11429 2014-04-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
11431 * lib/nettle/rnd.c: Revert "Avoid dual initialization of random
11432 generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.
11434 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11436 * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
11437 lib/accelerated/x86/aes-cbc-x86-aesni.c,
11438 lib/accelerated/x86/aes-cbc-x86-ssse3.c,
11439 lib/accelerated/x86/aes-gcm-padlock.c,
11440 lib/accelerated/x86/aes-gcm-x86-aesni.c,
11441 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
11442 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
11443 lib/accelerated/x86/aes-padlock.c,
11444 lib/accelerated/x86/sha-padlock.c,
11445 lib/accelerated/x86/sha-x86-ssse3.c,
11446 lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
11447 lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
11448 avoid clashes with system headers.
11450 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11454 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11456 * lib/nettle/rnd.c: Avoid dual initialization of random generator.
11457 Reported by Martin Kletzander.
11459 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
11461 * lib/fips.c: Test for the existence of the /etc/system-fips file. We don't read it, the existence of the file is enough to say in what
11462 mode we are. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11464 2014-04-19 Kurt Roeckx <kurt@roeckx.be>
11466 * lib/fips.c: Add _gnutls_fips_mode_enabled() return values. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11468 2014-04-19 Andreas Metzler <ametzler@bebt.de>
11470 * lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
11472 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11474 * lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
11475 suggestion by Shawn (sth0r2046 [at] gmail.com).
11477 2014-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11479 * lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
11480 (sth0r2046 [at] gmail.com).
11482 2014-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11484 * src/certtool.c: Allow exporting a CRL in DER format.
11486 2014-04-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11488 * AUTHORS, THANKS: cleaned up authors and thanks file.
11490 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11492 * tests/suite/Makefile.am, tests/suite/invalid-cert,
11493 tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
11494 tests/suite/testrandom: More script tests run under valgrind
11496 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11498 * tests/cert-tests/Makefile.am, tests/cert-tests/aki,
11499 tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
11500 tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.
11502 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11504 * lib/x509/x509.c: Treat othername as printable (i.e., null
11505 terminate it), as the XMPP printing code assumes that.
11507 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11509 * lib/x509/output.c: cleanups in output
11511 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11513 * guile/src/core.c: do not override gnutls' allocation functions. That was not being done using the API, and overriding them is no
11514 longer possible in 3.3.x.
11516 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11518 * NEWS: released 3.3.1
11520 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11522 * tests/suite/testpkcs11: changed port to allow parallelization
11524 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11526 * lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
11527 longer part of the API (though it remains in the ABI).
11529 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11531 * lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
11532 gnutls_secure_malloc() to avoid breaking ABI. gnutls_secure_calloc() is no longer exported as it was never in any
11535 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11537 * lib/Makefile.am: removed file from Makefile that doesn't exist
11539 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11541 * src/cli.c: gnutls-cli will no longer allow the session to proceed
11542 if DANE verification fails.
11544 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11548 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11550 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
11551 tests/cert-tests/xmpp-othername.pem: Added test certificate with
11552 multiple XMPP othername SAN fields.
11554 2014-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11556 * lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
11557 lib/x509/x509.c: Corrected decoding of XMPP SAN othername. This also corrects the semantics of the get_*_othername_oid()
11558 functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().
11560 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11562 * lib/x509/x509_ext.c: always initialize size values
11564 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11566 * lib/x509/common.c: copy_string() and copy_data() are more
11567 resilient on null input
11569 2014-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11571 * tests/scripts/common.sh: increased server startup wait time. That is because we now check for key/certificate match via a
11572 sign/verify request that may take longer in some systems. Based on
11573 patch by Andreas Metzler.
11575 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11579 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11581 * lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get(). That caused a null pointer dereference when extracting names from a
11582 certificate that contained an OtherName. Reported and investigated
11583 by Kirill A. Shutemov.
11585 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11587 * lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
11588 the already unused secure alloc functions.
11590 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11592 * lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
11593 lib/safe-memset.c: Use a harder to optimize out memset().
11595 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11599 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11603 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11607 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11609 * lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.
11611 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11613 * tests/pskself.c: include hint into psk test.
11615 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11617 * lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.
11619 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11621 * tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.
11623 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11625 * lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK
11627 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11629 * lib/gnutls_psk.c: eliminated the leak of hint when deallocating
11632 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11634 * lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
11635 replacing of auth info based on the provided credentials type. This avoids issues with discrepancies in server and client mode.
11637 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11639 * lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
11640 lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
11641 lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
11642 lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
11643 lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
11644 lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.
11646 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11648 * src/cli-args.def, src/cli.c: Both DANE and PKI verification are
11649 advisory when --tofu is being used.
11651 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11655 2014-04-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
11657 * lib/gnutls_buffers.c: When checking for data to be received use
11658 the 'transport_recv_ptr'. This affects cases where there are different send and recv pointers.
11659 Reported and investigated by JMRecio.
11661 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11663 * src/cli-args.def: doc update
11665 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11667 * src/cli.c: documentation update.
11669 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11671 * src/cli.c: Do not print certificates twice. That will improve the visibility of messages of the various
11672 verification methods.
11674 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11676 * src/cli-args.def: Updated TOFU documentation. Suggested by Jens
11679 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11681 * src/p11tool.c: added newlines to p11tool error messages
11683 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11687 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11689 * lib/fips.c: corrected uninitialized value
11691 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11693 * doc/Makefile.am: removed conditionally exported functions.
11695 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11697 * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
11698 lib/includes/gnutls/self-test.h: Added self check functions to
11701 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11703 * configure.ac, m4/hooks.m4: bumped versions
11705 2014-04-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
11707 * tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
11708 tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
11709 issues in the future
11711 2014-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11713 * tests/chainverify.c: increased the space available for
11714 certificates. That avoids a crash in sparc64; reported by Andreas Metzler.
11716 2014-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11718 * lib/x509/verify-high.c: doc update
11720 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11722 * src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.
11724 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11726 * src/Makefile.am: use the same cflags for included programs as with
11729 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11731 * libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
11734 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11736 * lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
11737 lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
11738 lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
11739 lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
11740 lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
11741 lib/verify-tofu.c: several bug fixes due to coverity.
11743 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11745 * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
11746 lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
11747 fixes due to coverity.
11749 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11751 * lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
11752 lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
11753 lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
11754 reported from coverity in opencdk.
11756 2014-04-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
11758 * lib/gnutls_buffers.c: correctly check for message upper limit.
11760 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
11762 * lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
11763 only CRLs in gnutls_x509_trust_list_add_trust_file().
11765 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
11767 * doc/cha-gtls-app.texi: doc update
11769 2014-04-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
11771 * src/cli-args.def: Added the PFS priority string.
11773 2014-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11775 * NEWS: corrected Peter's name!
11777 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11781 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11783 * tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
11784 tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
11785 tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.
11787 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11789 * lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
11790 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
11791 #8 files with ECC parameters from openssl. These files do not contain the curve information with the private
11792 key (ECPrivateKey), but they rather contain it in the
11793 privateKeyAlgorithm.
11795 2014-04-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
11797 * lib/ext/heartbeat.c: More strict checking of heartbeat padding
11798 size boundaries. This will let us enforce RFC6520 minimum size for padding. Suggested
11799 by Peter Williams; initially investigated by Frank Li.
11801 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11803 * lib/gnutls_mem.h: unconditionally zeroize temporal keys.
11805 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11807 * cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.
11809 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11811 * tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
11814 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11816 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
11817 the FIPS140-specific functions into the main documentation.
11819 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11821 * tests/key-tests/Makefile.am: Added missing file
11823 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11825 * NEWS: updated documentation
11827 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11829 * lib/libgnutls.map, symbols.last: updated exported symbols table.
11831 2014-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11835 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
11837 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
11838 lib/libgnutls.map: mark functions that are only available under
11841 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
11843 * doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
11844 auto-generated files.
11846 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
11848 * lib/x509/rfc2818_hostname.c: doc update
11850 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
11852 * lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match(). This function now performs a sign/verify test to check whether the
11853 public and private keys match.
11855 2014-04-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
11857 * lib/gnutls_pubkey.c: doc update
11859 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11861 * cross.mk: update gmplib location
11863 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11865 * lib/Makefile.am: removed double entry
11867 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11869 * tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
11872 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11874 * .gitignore: more files to ignore
11876 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11878 * lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
11879 include this gnulib module.
11881 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11883 * tests/suite/Makefile.am: do not build ecore when cross-compiling
11886 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11888 * src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
11889 src/gl/m4/gnulib-comp.m4: Added bind gnulib module.
11891 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11893 * src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
11894 src/gl/m4/gnulib-comp.m4: Added connect gnulib module.
11896 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11898 * gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
11899 gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
11900 gl/tests/Makefile.am, gl/tests/test-getdelim.c,
11901 gl/tests/test-getline.c: Added getline() in gnulib.
11903 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11905 * configure.ac: corrected configure test for pthread_mutex_lock
11907 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11909 * lib/gnutls_x509.c, lib/x509/x509.c: updated documentation
11911 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11913 * tests/suite/certs/create-chain.sh: updated test cert generator.
11915 2014-04-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
11917 * NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
11918 doc/examples/verify.c, lib/gnutls_cert.c,
11919 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
11920 src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
11921 tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
11922 the extendable gnutls_certificate_verify_peers(). That will allow adding new functionality to verification without the
11923 need to add new functions.
11925 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11927 * NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
11928 doc/examples/ex-client-x509.c, doc/examples/verify.c,
11929 lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
11930 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
11931 tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
11932 verify in addition to hostname, the purpose of the end-certificate.
11934 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11936 * m4/hooks.m4: bumped version
11938 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11940 * lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
11941 using gnutls_certificate_verify_peers3().
11943 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11945 * lib/gnutls_cert.c: doc update
11947 2014-04-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
11949 * lib/ext/heartbeat.c: doc update
11951 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11953 * lib/gnutls_priority.c: modify to conform to the documented
11956 2014-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11958 * cross.mk: updated makefile
11960 2014-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11962 * configure.ac, lib/Makefile.am: avoid checking or linking with
11963 libpthread in windows
11965 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11967 * tests/suite/testpkcs11: Corrected check for softhsm shared object.
11969 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11971 * lib/gnutls_priority.c: Allow multiple spaces into priorities file.
11973 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11975 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
11976 The "SYSTEM" initial keyword was replaced with the more generic
11977 "@KEYWORD". The @KEYWORD string will open the pre-configured system priority
11978 file and will expand the KEYWORD, to the priority string set in the
11979 file. The file should have the following format:
11980 KEYWORD=PRIORITY_STRING
11982 2014-04-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
11984 * lib/gnutls_int.h: Use the IANA assigned padding extension number.
11986 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11988 * tests/suite/testpkcs11: skip the test if softhsm doesn't exist
11990 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11992 * .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
11993 and config in tests to allow parallel runs.
11995 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
11997 * README-alpha: added softhsm dependency for testsuite
11999 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12001 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
12002 tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
12003 softhsm. That allows us to run it in the normal test suite.
12005 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12007 * src/certtool-args.def, src/certtool.c, src/cli-args.def,
12008 src/cli.c, src/p11tool.c: Allow using the --provider parameter in
12009 gnutls-cli and certtool to specify a PKCS #11 module.
12011 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12013 * tests/suite/pkcs11-chainverify.c: updated test to run in more
12016 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12018 * lib/pkcs11.c: set the same flags in the second search
12020 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12022 * .gitignore: ignore the softhsm test suite files.
12024 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12026 * tests/suite/testpkcs11: fixed bashisms
12028 2014-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12030 * tests/suite/certs/create-chain.sh: depend on bash for the
12031 create-chain script
12033 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12035 * tests/mini-x509.c: Enhanced test to check that the correct number
12036 of certificates is received
12038 2014-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12040 * lib/gnutls_x509.c: corrected check for sorted server certificate
12043 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12045 * lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
12046 is specific to p11-kit trust modules.
12048 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12050 * tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
12051 the certificate verification tests in PKCS #11-based verification
12054 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12056 * lib/x509/verify.c: Perform time check when removing a certificate
12057 in _gnutls_pkcs11_verify_crt_status(). This brings the function on par with _gnutls_verify_crt_status().
12059 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12061 * lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
12062 same certificate in the pkcs11 trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
12063 certificate, and the self-signed isn't in our pkcs11 trusted list,
12064 make sure that we search for the non-self-signed as well. This
12065 affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
12068 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12070 * lib/pkcs11.c: Allow manually loading a 'trusted' module.
12072 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12074 * lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
12075 libraries from the destructor. If we do and the PKCS #11 modules are already being unloaded, we may
12076 crash. If the deinitialization of the PKCS #11 subsystem is
12077 required then, gnutls_pkcs11_deinit() must be explicitly called.
12079 2014-04-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12081 * tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
12082 test chains from chainverify program.
12084 2014-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12086 * configure.ac, tests/Makefile.am, tests/key-id/Makefile.am,
12087 tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
12088 tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
12089 tests/key-id/key-ca.pem, tests/key-id/key-id,
12090 tests/key-id/key-user.pem, tests/key-tests/Makefile.am,
12091 tests/key-tests/README, tests/key-tests/ca-gnutls-keyid.pem,
12092 tests/key-tests/ca-no-keyid.pem,
12093 tests/key-tests/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
12094 tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
12095 tests/key-tests/key-ca.pem, tests/key-tests/key-id,
12096 tests/key-tests/key-user.pem, tests/key-tests/pkcs8: Added self-test
12097 for PKCS #8 key conversion and reading
12099 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12101 * tests/chainverify.c: the chainverify test ensures that there is no
12102 divergence between different verification functions.
12104 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12106 * lib/x509/verify-high.c: When verifying check for the same
12107 certificate in the trusted list, not only the issuer. When the certificate list verifying ends in a non self-signed
12108 certificate, and the self-signed isn't in our trusted list, make
12109 sure that we search for the non-self-signed in our list as well.
12110 This affects, gnutls_x509_trust_list_verify_crt() and makes its
12111 results identical to gnutls_x509_crt_list_verify().
12113 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12115 * README-alpha: mention test on smart card support
12117 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12119 * README: Added make check to the make process in README
12121 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12125 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12127 * src/certtool-args.def, src/certtool-common.c,
12128 src/certtool-common.h, src/certtool.c: changed the behavior in
12129 certtool's PKCS #8 key export with no password. By default when no password is specified, an unencrypted key is
12130 output. The previous behavior of encrypting using an empty password
12131 can be replicated using --empty-password.
12133 2014-04-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12135 * src/certtool-args.def: Updated documentation on null-password and
12136 password options of certtool.
12138 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12140 * tests/suite/testrandom: Added test to check verification with
12141 randomly generated certificates.
12143 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12145 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
12146 src/certtool.c: Combined the code to set CRL next update with
12147 certificate expiration date.
12149 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12153 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12155 * src/certtool-cfg.c: corrected typo
12157 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12159 * src/certtool-common.c: improved error message
12161 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12163 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
12164 src/certtool.c: When a CRL serial number is not specified, generate
12167 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12169 * doc/cha-shared-key.texi: doc update
12171 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12173 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
12174 lib/priority_options.gperf: Added priority string
12175 %DISABLE_WILDCARDS. This will disable any wildcard matching when comparing hostnames in
12178 2014-04-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
12180 * NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
12181 lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
12182 lib/includes/gnutls/x509.h, lib/libgnutls.map,
12183 lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
12184 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
12185 tests/hostname-check.c: Added verification flag to disable wildcard
12186 checking. This adds the verification flag
12187 GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
12188 gnutls_x509_crt_check_hostname2(),
12189 gnutls_openpgp_crt_check_hostname2().
12191 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
12195 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
12197 * tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
12198 tests/cert-tests/ca-no-pathlen.pem,
12199 tests/cert-tests/complex-cert.pem,
12200 tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
12201 SHA256 fingerprint output in certtool
12203 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
12205 * lib/x509/x509.c: doc update
12207 2014-04-01 Nikos Mavrogiannopoulos <nmav@redhat.com>
12209 * lib/x509/output.c: Print the SHA256 fingerprint of the certificate
12210 in addition to SHA1.
12212 2014-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12214 * lib/verify-tofu.c: doc update
12216 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
12218 * lib/gnutls_ui.c: simplified
12219 gnutls_certificate_client_get_request_status() - no error is
12222 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
12224 * lib/gnutls_record.c: doc update
12226 2014-03-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
12228 * lib/gnutls_record.c: cleaned up documentation of
12229 gnutls_record_send()
12231 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12233 * tests/chainverify.c: Added test for CVE-2014-0092
12235 2014-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12237 * tests/Makefile.am: removed reference to mini_xssl
12239 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
12241 * tests/chainverify.c: Added self checks for various verification
12244 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
12246 * tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
12247 uncork usage under DTLS.
12249 2014-03-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
12251 * lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
12254 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12256 * lib/gnutls_priority.c: using the SYSTEM priority string will fail
12257 if there is no system file
12259 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12261 * doc/cha-gtls-app.texi: doc update
12263 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12265 * NEWS: reformatted NEWS entries
12267 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12269 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
12270 lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
12271 security. Introduced the LEGACY keyword which will enable the settings used in
12272 GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
12273 compatibility with weak or misconfigured servers is required.
12275 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12277 * doc/manpages/Makefile.am: replaced wrong manpage generation
12280 2014-03-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
12282 * lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
12283 lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation
12285 2014-03-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12287 * README: update README to reflect gmplib licensing change. As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
12288 dual-license LGPLv3+/GPLv2+ license. This licensing change affects the licenses under which versions of
12289 GnuTLS can be redistributed. Update the README to reflect this change.
12291 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12293 * configure.ac: Fix patch version calculation when it contains
12296 2014-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12298 * configure.ac: print RSA-EXPORT status
12300 2014-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12302 * lib/gnutls_str.c: use isascii instead of isprint for
12303 internationalized name detection
12305 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
12307 * m4/hooks.m4: bump so version
12309 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
12311 * src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
12314 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
12316 * lib/auth/dh_common.c: add a check for invalid DH parameters.
12318 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
12320 * tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
12321 DHE prime and exponent size.
12323 2014-03-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
12325 * doc/TODO: doc update
12327 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12329 * tests/x509-extensions.c: fixed test to use the correct function
12332 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12334 * lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
12335 lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
12336 tests/hostname-check.c: Severely simplified hostname matching. Now only wildcards in the leftmost position of the string are
12337 allowed (followed by at least two components), and are only taken
12338 into account into ascii strings. Non-ascii strings are compared
12339 byte-by-byte. That means that wildcards in the form
12340 bar*foo.example.com are no longer accepted, as well as wildcards of
12341 the form *.*.*.example.com.
12343 2014-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12345 * lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h:
12346 use commit suffix for functions that return a status code.
12348 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
12350 * lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
12353 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
12357 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
12359 * src/certtool-args.def: the longer e-mail caused crash in autogen's
12362 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
12364 * NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
12365 doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
12366 lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
12367 lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
12368 lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
12369 some of the newly introduced functions
12371 2014-03-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
12373 * lib/gnutls_x509.c: set the invalid flag when the owner is
12376 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12378 * lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
12379 tests/hostname-check.c: Changed the behaviour in wildcard acceptance
12380 in certificates. Wildcards are only accepted when there are more than two domain
12381 components after the wildcard. This will prevent accepting
12382 certificates from CAs that issued '*.com', or 'www.*'.
12384 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12388 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12390 * tests/x509-extensions.c: Added more key usage flags in the test
12391 for x509-extensions.
12393 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12395 * tests/x509-extensions.c: x509-extensions test will fail if an
12396 unhandled extension is found.
12398 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12400 * lib/Makefile.am: ship the gperf file and the generated one.
12402 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12404 * .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
12405 doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update
12407 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12409 * doc/cha-cert-auth.texi: documented the new X.509 extension API
12411 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12413 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
12414 can now write more than a single crl_dist_point.
12416 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12418 * tests/Makefile.am, tests/cert-tests/template-test.pem,
12419 tests/cert-tests/template-test.tmpl,
12420 tests/cert-tests/template-utf8.pem,
12421 tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
12422 tests/x509-extensions.c: Added unit tests for new API
12424 2014-03-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
12426 * lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
12427 lib/includes/gnutls/x509.h, lib/libgnutls.map,
12428 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
12429 lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
12430 lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
12431 lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
12432 X.509 extensions. This API handles the X.509 extensions separately, allowing to parse
12433 similarly formatted extensions stored in other structures. In
12434 addition functions that simplify the extraction of extensions from
12435 known structures were added: gnutls_x509_crq_get_extension_data2(), gnutls_x509_crl_get_extension_data2(), gnutls_x509_crt_get_extension_data2(). The old functions were rewritten to use the new API.
12437 2014-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12441 2014-02-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
12443 * lib/x509/extensions.c: Corrected error checking in
12444 _gnutls_x509_ext_gen_proxyCertInfo
12446 2014-03-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
12448 * doc/TODO: doc update
12450 2014-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12452 * src/serv.c: initialize pointer
12454 2014-03-12 Luis G.F <luisgf@gmail.com>
12456 * src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
12457 reference is lost if an allocation error occurred. Signed-off-by: Luis G.F <luisgf@luisgf.es>
12459 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12461 * src/certtool-cfg.c: use the number of seconds as serial in 32-bit
12464 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12466 * lib/auth/cert.c: Only check PK compatibility in client side but
12467 also when using openpgp certs.
12469 2014-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12471 * lib/algorithms/kx.c: corrected initializer
12473 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
12475 * lib/auth/cert.c: shortened static function names.
12477 2014-03-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
12479 * lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
12480 that the algorithm of the received certificate matches the expected.
12482 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
12486 2014-03-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
12488 * doc/Makefile.am, doc/cha-functions.texi,
12489 doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
12490 doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
12491 doc/manpages/Makefile.am, lib/Makefile.am,
12492 lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
12493 lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
12494 tests/mini-xssl.c: The xssl experimental library was removed. While the idea of a high level library is nice, there are no
12495 resources to maintain an additional library.
12497 2014-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12499 * configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
12500 enable linking with nettle-mini
12502 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12504 * lib/x509/verify.c: re-enabled certificate verification
12506 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12508 * lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
12509 SHA384 are only available in TLS 1.0. The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
12510 defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
12511 under SSL 3.0, it will during MAC initialization.
12513 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12515 * lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
12516 lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
12517 lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
12518 lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
12519 lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
12520 lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
12521 lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
12522 lib/x509/x509.c: stricter type usage
12524 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12526 * lib/accelerated/x86/aes-padlock.h,
12527 lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
12528 lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
12531 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12533 * lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
12534 lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
12535 lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
12538 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12540 * lib/x509/common.c: silence some warnings
12542 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12544 * lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
12545 lib/verify-tofu.c: clang warning fixes
12547 2014-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12549 * src/certtool-cfg.c: removed unused variables.
12551 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
12553 * src/Makefile.am: Fix build failures on autogen'ed docs. autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
12554 will not be able to find the input file if GnuTLS is built out of
12555 tree, e.g.
    mkdir build
    cd build
    ../configure
    make
Also, add missing targets for %-args.h, to avoid this error:
    make[2]: Entering directory `/home/user/gnutls/src'
    autogen srptool-args.def
    autogen psk-args.def
    make[2]: *** No rule to make target `ocsptool-args.h', needed by `all'. Stop.
    make[2]: Leaving directory `/home/user/gnutls/src'
    make[1]: *** [all-recursive] Error 1
For portability's sake we will spell out the rule for each target
instead of using a GNU '%' pattern rule:
https://www.gnu.org/software/make/manual/html_node/Features.html#Features
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12561 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
12563 * .gitignore, doc/Makefile.am: Fix build failures involving
12564 doc/invoke-*.texi. Several problems were found in this area:
1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
with no input file and it will hang forever waiting for content from
stdin:
    mv -f enums.texi-tmp enums.texi
    mkdir enums
    ../../doc/scripts/split-texi.pl enums enum < enums.texi
    echo stamp_enums > stamp_enums
    cd ../src/ && autogen -Tagtexi-cmd.tpl && \
    rm -f ../doc/invoke-gnutls-cli.texi && \
    ../doc/scripts/cleanup-autogen.pl <../src/invoke-gnutls-cli.texi >../doc/invoke-gnutls-cli.texi.tmp && \
    mv -f ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
    rm -f ../src/invoke-gnutls-cli.texi
    <HANG>
Since these documents are @include'd by other documents, it is
probably a good idea to make sure the targets are buildable in case
they get listed as prerequisites.
2) SRC_DEF_* used relative paths which are correct for an in-place
build, but incorrect for an out-of-tree build. They should use
something like $(top_srcdir)/src to resolve the ambiguity.
3) cleanup-autogen.pl was also referenced using a relative pathname,
breaking out-of-tree builds.
4) The non-portable "sed -i" flag was used.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12577 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
12579 * README-alpha: README-alpha: Add gperf dependency for building from
12580 git. Without gperf, priority-options.h does not get built and this
12581 results in a compile error. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12583 2014-03-07 Kevin Cernekee <cernekee@gmail.com>
12585 * src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib. This pulls in upstream commit cb3c90598 (stdint, read-file: fix
12586 missing SIZE_MAX on Android). Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12588 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
12590 * lib/x509/verify.c: more type separation
12592 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
12594 * src/Makefile.am: use psktool-args
12596 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
12598 * lib/x509/verify.c: more type separation
12600 2014-03-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
12602 * lib/x509/verify.c: separated types for easier verification
12604 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
12606 * .gitignore, doc/manpages/Makefile.am, src/Makefile.am,
12607 src/psk-args.def, src/psk.c, src/psktool-args.def: Rename
12608 psk-args.def to psktool-args.def. Other utilities generate invoke-%.texi from %-args.def, but
12609 currently invoke-psktool.texi is generated from psk-args.def. If we
12610 make psktool conform to the same convention as the other utilities,
12611 we can use a generic pattern to handle all of them the same way. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12613 2014-03-06 Kevin Cernekee <cernekee@gmail.com>
12615 * doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds. enums.texi is a generated file so we should not look for it in
12616 $(srcdir). When we do, chaos ensues:
    mv -f enums.texi-tmp enums.texi
    mkdir enums
    ../../doc/scripts/split-texi.pl enums enum < ../../doc/enums.texi
    /bin/bash: ../../doc/enums.texi: No such file or directory
    make[4]: *** [stamp_enums] Error 1
    make[4]: Leaving directory `/home/user/gnutls/build/doc'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/home/user/gnutls/build/doc'
    make[2]: *** [all] Error 2
    make[2]: Leaving directory `/home/user/gnutls/build/doc'
    make[1]: *** [all-recursive] Error 1
    make[1]: Leaving directory `/home/user/gnutls/build'
    make: *** [all] Error 2
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
12620 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12622 * lib/openpgp/extras.c: Ensure failure when no base64 data have been
12623 read. Suggested by Ramkumar Chinchani.
12625 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12627 * lib/Makefile.am: xssl compilation fix; patch by Colin Leroy
12629 2014-03-05 Jason Spafford <nullprogrammer@gmail.com>
12631 * lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
12632 parameter before it checked if the parameter was null. Signed-off-by Jason Spafford nullprogrammer@gmail.com
12634 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12636 * Makefile.am, symbols.last: Added symbol check prior to release
12637 (after discussion with Andreas Metzler)
12639 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12641 * doc/Makefile.am, doc/manpages/Makefile.am: updated doc
12643 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12645 * build-aux/test-driver, build-aux/ylwrap: updated build-aux files
12647 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12649 * doc/Makefile.am: removed no-split as it causes issues in pdf
12652 2014-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12654 * gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
12655 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
12656 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
12657 gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
12658 gl/tests/test-bind.c, gl/tests/test-connect.c,
12659 gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
12660 gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
12663 2014-03-05 Nick Alcock <nick.alcock@oracle.com>
12665 * configure.ac: Override AUTOGEN under --enable-local-libopts only
12666 if autogen is not needed. After commit 6addbc3, specifying --enable-local-libopts
12667 unconditionally replaces the autogen-erated files with their
12668 distributed copies, and substitutes AUTOGEN to false. The assumption here is that if --enable-local-libopts is not
12669 specified, autogen cannot be installed, and that the distributed
12670 copies necessarily exist. Neither assumption is always correct.
12671 e.g. someone building a 32-bit copy of GnuTLS from git with a copy
12672 of autogen on their system will have a 64-bit copy of libopts, and a
12673 working /usr/bin/autogen, but not a 32-bit libopts. Since building
12674 autogen depends on Guile, this is a rather heavyweight pile of gear
12675 to require. (You can force a successful build in this case, but it
12676 requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
12677 distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
12678 we do not substitute AUTOGEN, so as to let any copy of autogen that
12679 configure found on the system do its job if necessary, while not
12680 forcing the user to link against the copy of libopts which came with
12681 that autogen. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
12683 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
12685 * configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
12686 lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c:
12687 session tickets can be disabled
12689 2014-03-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
12691 * doc/examples/Makefile.am, lib/ext/cert_type.c,
12692 lib/ext/status_request.c, lib/gnutls_extensions.c,
12693 lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c:
12694 increased code disabled from disable-ocsp and disable-openpgp
12697 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
12699 * doc/cha-gtls-app.texi, lib/ext/Makefile.am,
12700 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
12701 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
12702 lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
12703 lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
12704 lib/priority_options.gperf, src/cli-args.def,
12705 tests/mini-record-2.c, tests/mini-record-range.c,
12706 tests/mini-record.c: NEW_PADDING has been removed. This extension did not get accepted by IETF so it is now being
12707 removed. The gnutls_range API is kept in case length hiding is
12708 implemented in a different way at some point.
12710 2014-03-05 Ludovic Courtès <ludo@gnu.org>
12712 * doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
12715 2014-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12717 * m4/hooks.m4: re-introduced rsa-export configure option. This broke backwards compatibility. Reported by Andreas Metzler.
12719 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12721 * doc/examples/Makefile.am: examples include both gnulibs
12723 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12725 * src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
12726 src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
12727 src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
12728 src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
12729 src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
12730 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
12731 src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
12732 src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
12733 src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
12734 src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl
12736 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12738 * gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
12739 gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
12740 gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
12741 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
12742 gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
12743 gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
12744 gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
12745 gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
12746 gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
12747 gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
12748 gl/tests/test-getline.c: removed getpass from gl/
12750 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12752 * .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates
12754 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12756 * src/Makefile.am: changes for new gnulib in src/
12758 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12760 * lib/nettle/rnd-common.c: correct error print in win32
12762 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12764 * lib/fips.c, lib/system.c: Changes to account for the reduced
12767 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12769 * src/crywrap/crywrap.c: added missing declaration
12771 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12773 * lib/gnutls_global.c: removed any dependencies to gnulib network
12776 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12778 * lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
12779 insistence to replace strerror
12781 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12783 * src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
12784 src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
12785 src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
12786 src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
12787 src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
12788 src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
12789 src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
12790 src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
12791 src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
12792 src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
12793 src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
12794 src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
12795 src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
12796 src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
12797 src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
12798 src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
12799 src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
12800 src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
12801 src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
12802 src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
12803 src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
12804 src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
12805 src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
12806 src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
12807 src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
12808 src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
12809 src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
12810 src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
12811 src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
12812 src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
12813 src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
12814 src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
12817 2014-03-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
12819 * gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
12820 gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
12821 gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
12822 gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
12823 gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
12824 gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
12825 gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
12826 gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
12827 gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
12828 gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
12829 gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
12830 gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
12831 gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
12832 gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
12833 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
12834 gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
12835 gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
12836 gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
12837 gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
12838 gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
12839 gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
12840 gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
12841 gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
12842 gl/tests/test-accept.c, gl/tests/test-close.c,
12843 gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
12844 gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
12845 gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
12846 gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
12847 gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
12848 gl/tests/test-listen.c, gl/tests/test-lstat.c,
12849 gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
12850 gl/tests/test-pathmax.c, gl/tests/test-perror.c,
12851 gl/tests/test-perror.sh, gl/tests/test-perror2.c,
12852 gl/tests/test-pipe.c, gl/tests/test-recv.c,
12853 gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
12854 gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
12855 gl/tests/test-select-stdin.c, gl/tests/test-select.c,
12856 gl/tests/test-select.h, gl/tests/test-send.c,
12857 gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
12858 gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
12859 gl/tests/test-stat.c, gl/tests/test-stat.h,
12860 gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
12861 gl/tests/test-symlink.c, gl/tests/test-symlink.h,
12862 gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
12865 2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12867 * src/crywrap/crywrap.c: fixed more memory leaks in crywrap
12869 2014-03-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
12871 * src/crywrap/crywrap.c: addressed memory leak in crywrap.c
12873 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12875 * lib/x509/verify-high.c: check the blacklist for certificates
12876 provided in gnutls_x509_trust_list_verify_named_crt().
12878 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12880 * configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
12883 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12885 * doc/cha-library.texi: rsa-export is no more
12887 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12889 * doc/cha-library.texi: updated option for TPM
12891 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12893 * cross.mk: updated
12895 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12897 * src/common.h: replace select() on windows
12899 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12901 * lib/gnutls_buffers.c: print message before failing when the pull
12902 timeout function isn't replaced.
12904 2014-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12906 * lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
12907 SHA1; suggested by Manuel Pégourié-Gonnard.
12909 2014-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
12911 * GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
12912 build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
12913 build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
12914 build-aux/useless-if-before-free, build-aux/vc-list-files,
12915 doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
12916 gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
12917 gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
12918 gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
12919 gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
12920 gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
12921 gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
12922 gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
12923 gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
12924 gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
12925 gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
12926 gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
12927 gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
12928 gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
12929 gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
12930 gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
12931 gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
12932 gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
12933 gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
12934 gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
12935 gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
12936 gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
12937 gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
12938 gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
12939 gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
12940 gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
12941 gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
12942 gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
12943 gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
12944 gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
12945 gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
12946 gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
12947 gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
12948 gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
12949 gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
12950 gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
12951 gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
12952 gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
12953 gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
12954 gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
12955 gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
12956 gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
12957 gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
12958 gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
12959 gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
12960 gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
12961 gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
12962 gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
12963 gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
12964 gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
12965 gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
12966 gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
12967 gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
12968 gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
12969 gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
12970 gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
12971 gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
12972 gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
12973 gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
12974 gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
12975 gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
12976 gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
12977 gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
12978 gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
12979 gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
12980 gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
12981 gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
12982 gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
12983 gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
12984 gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
12985 gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
12986 gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
12987 gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
12988 gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
12989 gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
12990 gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
12991 gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
12992 gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
12993 gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
12994 gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
12995 gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
12996 gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
12997 gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
12998 gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
12999 gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
13000 gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
13001 gl/tests/test-base64.c, gl/tests/test-binary-io.c,
13002 gl/tests/test-bind.c, gl/tests/test-byteswap.c,
13003 gl/tests/test-c-ctype.c, gl/tests/test-close.c,
13004 gl/tests/test-connect.c, gl/tests/test-dup2.c,
13005 gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
13006 gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
13007 gl/tests/test-float.c, gl/tests/test-fputc.c,
13008 gl/tests/test-fread.c, gl/tests/test-fseek.c,
13009 gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
13010 gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
13011 gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
13012 gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
13013 gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
13014 gl/tests/test-func.c, gl/tests/test-fwrite.c,
13015 gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
13016 gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
13017 gl/tests/test-getline.c, gl/tests/test-getpeername.c,
13018 gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
13019 gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
13020 gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
13021 gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
13022 gl/tests/test-ioctl.c, gl/tests/test-listen.c,
13023 gl/tests/test-lstat.c, gl/tests/test-lstat.h,
13024 gl/tests/test-memchr.c, gl/tests/test-netdb.c,
13025 gl/tests/test-netinet_in.c, gl/tests/test-open.c,
13026 gl/tests/test-open.h, gl/tests/test-pathmax.c,
13027 gl/tests/test-perror.c, gl/tests/test-perror2.c,
13028 gl/tests/test-pipe.c, gl/tests/test-read-file.c,
13029 gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
13030 gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
13031 gl/tests/test-select.c, gl/tests/test-select.h,
13032 gl/tests/test-send.c, gl/tests/test-sendto.c,
13033 gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
13034 gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
13035 gl/tests/test-sockets.c, gl/tests/test-stat.c,
13036 gl/tests/test-stat.h, gl/tests/test-stdalign.c,
13037 gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
13038 gl/tests/test-stdint.c, gl/tests/test-stdio.c,
13039 gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
13040 gl/tests/test-strerror_r.c, gl/tests/test-string.c,
13041 gl/tests/test-strings.c, gl/tests/test-strnlen.c,
13042 gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
13043 gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
13044 gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
13045 gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
13046 gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
13047 gl/tests/test-sys_wait.h, gl/tests/test-time.c,
13048 gl/tests/test-u64.c, gl/tests/test-unistd.c,
13049 gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
13050 gl/tests/test-vc-list-files-cvs.sh,
13051 gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
13052 gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
13053 gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
13054 gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
13055 gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
13056 gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
13057 src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
13058 src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
13059 src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
13060 src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
13061 src/gl/intprops.h, src/gl/m4/00gnulib.m4,
13062 src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
13063 src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
13064 src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
13065 src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
13066 src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
13067 src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
13068 src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
13069 src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
13070 src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
13071 src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
13072 src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
13073 src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
13074 src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
13075 src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
13076 src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
13077 src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
13078 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
13079 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
13080 src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
13081 src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
13082 src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
13083 src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
13084 src/gl/parse-datetime.h, src/gl/parse-datetime.y,
13085 src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
13086 src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
13087 src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
13088 src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
13089 src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
13090 src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
13091 src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
13092 src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c:
13095 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13097 * lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
13098 when they are available in TLS1.0
13100 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13102 * lib/gnutls_priority.c: The default priority is reset to NORMAL
13104 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13106 * lib/gnutls_priority.c: Revert "the default priorities are reset to
13107 be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.
13109 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13111 * doc/cha-gtls-app.texi: mention SHA384 as MAC option
13113 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13115 * src/cli-args.def, src/serv-args.def: documented the defaults
13117 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13119 * lib/gnutls_priority.c: the default priorities are reset to be
13120 NORMAL. Reported by Manuel Pégourié-Gonnard.
13122 2014-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13124 * src/serv-args.def: Add required priorities
13126 2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13128 * lib/x509/verify.c: Preinitialize values; suggested by Sebastian
13129 Krahmer and Tomas Hoger.
13131 2014-02-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13133 * lib/x509/verify.c: added doc on is_issuer() checks
13135 2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
13137 * lib/gnutls_cert.c: removed not trusted message; reported by Michel
13140 2014-02-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
13142 * tests/chainverify.c: updated for verification updates
13144 2014-02-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
13146 * lib/x509/verify.c: Updated verification function
13148 2014-02-22 Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
13150 * src/cli-args.def, src/cli.c: New option --stricttofu for
13151 gnutls-cli. With option --tofu, gnutls-cli waits with a yes-no-question upon
13152 certificate changes. I added the option --stricttofu that omits the
13153 question and fails instead. The contribution is in accordance to the "Developer's Certificate of
13154 Origin" as found in the file doc/DCO.txt. Best wishes, Jens. Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>
13156 2014-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13158 * lib/gnutls_handshake.c: moved priorities check to the first call
13161 2014-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13163 * lib/nettle/rnd-common.c: removed duplicate definition; reported by
13166 2014-02-21 Nikos Mavrogiannopoulos <nmav@redhat.com>
13168 * doc/README.CODING_STYLE: updated coding style
13170 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13174 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13176 * tests/cert-tests/template-nc.pem: added cert
13178 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13180 * tests/cert-tests/template-test: corrected check
13182 2014-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13184 * lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
13187 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13189 * tests/suite/testdane: updated
13191 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13195 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13197 * lib/x509/name_constraints.c: When appending a name, ensure that we
13198 append to the end of the list.
13200 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13202 * lib/x509/name_constraints.c: use gnutls_free()
13204 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13206 * src/certtool-args.def: corrected email in texi
13208 2014-02-20 Attila Molnar <attilamolnar@hush.com>
13210 * lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
13211 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
13212 resistance against guessing usernames. When a client tries to authenticate using an unknown username,
13213 instead of generating a random salt every time, generate the salt
13214 based on the username and a secret seed. The seed is settable by the application, allowing servers to re-use
13215 the same seed after a restart. A random seed is generated for each newly allocated SRP server
13216 credentials structure, meaning that applications not using the new
13217 API to set the seed continue to work and gain limited advantage
13218 (because they use a different seed after every restart). For further information see section 2.5.1.3. in RFC 5054. Signed-off-by: Attila Molnar <attilamolnar@hush.com>
13220 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13222 * lib/x509/verify-high.c: small artistic changes
13224 2014-02-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
13226 * lib/x509/verify.c: check against the success value
13228 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13230 * lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
13231 bool types when needed.
13233 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13235 * lib/x509/verify.c: ensure failure when parsing fails.
13237 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13239 * lib/x509/name_constraints.c: allow ip address as constraint
13241 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13243 * lib/x509/verify.c: Added check for IPaddress
13245 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13249 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13251 * tests/chainverify.c: Added tests for name constraints addition.
13253 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13255 * src/certtool.c: better error printing
13257 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13259 * lib/x509/extensions.c: corrected empty name check
13261 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13263 * tests/cert-tests/template-nc.pem,
13264 tests/cert-tests/template-nc.tmpl: Updated test for name constraints
13265 to include empty constraints names.
13267 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13269 * lib/x509/output.c: pretty print empty DNSnames
13271 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13273 * lib/x509/common.c, lib/x509/name_constraints.c:
13274 _gnutls_x509_read_value() can now read empty values.
13276 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13278 * lib/x509/extensions.c: Allow empty names.
13280 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13282 * src/certtool-cfg.c: removed debugging
13284 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13286 * lib/x509/extensions.c: Added check for null
13288 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13290 * lib/x509/name_constraints.c: If alternative names are found, don't
13291 bother checking the DN.
13293 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13295 * tests/suite/certs/create-chain.sh: Added tool to create a
13298 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13300 * lib/x509/output.c: properly indent name constraints
13302 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13304 * lib/x509/x509.c: _gnutls_parse_general_name2() will return the
13307 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13309 * src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
13310 src/certtool.c, tests/cert-tests/Makefile.am,
13311 tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test:
13312 certtool allows setting name constraints.
13314 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13316 * lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
13319 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13321 * lib/x509/verify.c: simplify names
13323 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13325 * lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
13328 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13330 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
13331 lib/x509/name_constraints.c: Added
13332 gnutls_x509_name_constraints_check_crt. This function will check name constraints against all the names in a
13335 2014-02-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
13337 * lib/x509/name_constraints.c, tests/name-constraints.c,
13338 tests/suppressions.valgrind: Added support for e-mail constraints.
13340 2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13342 * tests/name-constraints.c: Added more constraints tests for
13343 unsupported structures.
13345 2014-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13347 * lib/x509/name_constraints.c: Corrected check for present
13348 constraints in unsupported types.
13350 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13352 * doc/examples/ex-ocsp-client.c: fix small leak
13354 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13356 * src/ocsptool.c: When verifying a response and a signer isn't
13357 provided assume that the signer is the issuer.
13359 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13361 * src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
13362 src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
13363 check if it is available on the reply.
13365 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13367 * lib/x509/name_constraints.c: properly deinitialize name
13368 constraints structure.
13370 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13372 * doc/examples/ex-ocsp-client.c: Verify in example that the sent
13373 nonce matches the received nonce. Reported by Benny Baumann.
13375 2014-02-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
13377 * tests/name-constraints.c: Added missing file
13379 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
13381 * lib/priority_options.gperf: priority string flag
13382 VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy
13384 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13386 * lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
13387 handshake timers when gnutls_handshake() is called.
13389 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13391 * tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
13392 catch a timeout issue in handshake().
13394 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13396 * lib/gnutls_handshake.c: doc update
13398 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13400 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
13401 multiple flags in gnutls_x509_crt_get_name_constraints()
13403 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13405 * lib/x509/name_constraints.c: Do not deinitialize the constraints
13406 structure when reading the constraints fails.
13408 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13410 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
13411 lib/x509/output.c: Allow appending name constraints.
13413 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13415 * lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
13416 setting a non-critical name-constraints extension.
13418 2014-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13420 * lib/x509/name_constraints.c: better checking of unsupported
13423 2014-02-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
13427 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13429 * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
13430 lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
13431 lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
13432 lib/x509/x509_int.h, tests/Makefile.am: Added support for name
13433 constraints X.509 extension. This allows to generate and read the name constraints extension, as
13434 well as check against the DNSNAME value.
13436 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13438 * configure.ac: depend on p11-kit 0.20.0 or later
13440 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13442 * tests/chainverify.c: changed names for clarity
13444 2014-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13446 * lib/gnutls_pcert.c: Corrected bug in
13447 gnutls_pcert_list_import_x509_raw(). The bug caused gnutls_pcert_list_import_x509_raw() to crash if
13448 gnutls_x509_crt_list_import() would fail with the provided data.
13449 Reported by Dmitriy Anisimkov.
13451 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13453 * tests/suppressions.valgrind: corrected suppressions file
13455 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13457 * lib/includes/gnutls/x509.h: do not mention
13458 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation
13460 2014-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13462 * lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
13463 lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
13464 tests/chainverify.c: removed deprecated flag
13466 2014-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13468 * doc/latex/cover.tex: added Ted
13470 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13472 * lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.
13474 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13476 * lib/gnutls_privkey.c: set value to null after releasing
13478 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13480 * tests/slow/keygen.c: generate keys in the acceptable sizes in
13483 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13485 * tests/crq_key_id.c: generate 2048 bit keys in RSA mode
13487 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13489 * lib/x509/x509.c, lib/x509/x509_int.h: Added
13490 _gnutls_parse_general_name2()
13492 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13494 * lib/x509/common.c: ensure that _gnutls_x509_read_value works as
13497 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13499 * lib/x509/verify.c: ensure that the issuer is present in a trusted
13502 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13504 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
13505 GNUTLS_PKCS11_TOKEN_TRUSTED_UINT
13507 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13509 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
13510 GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().
13512 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13514 * lib/x509/verify.c: Use the
13515 GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
13516 trusted modules are used.
13518 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13520 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h:
13521 Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE. This flag can be used to ensure that the object request lies on a
13522 marked as trusted PKCS #11 module. The marking is done on p11-kit
13525 2014-02-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
13527 * lib/pkcs11.c: mark trusted p11-kit modules as trusted.
13529 2014-02-12 Marcus Meissner <meissner@suse.de>
13531 * src/serv.c: fixed socket existence checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
13532 for the ipv6 address fails, this loop would fail and abort the
13533 socket listen code. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
13535 2014-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13537 * doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.
13539 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
13541 * tests/chainverify.c: Added test for pathlen constraints.
13543 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
13545 * tests/chainverify.c: Added check for v1 intermediate CA
13548 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
13550 * lib/x509/verify.c: Fix bug that prevented the rejection of v1
13551 intermediate CA certificates. Reported by Suman Jana.
13553 2014-02-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
13555 * lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function
13557 2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
13561 2014-02-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
13563 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
13564 timestamps for serial numbers.
13566 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
13568 * maint.mk: updated indent cmd
13570 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
13572 * cfg.mk: corrected indent parameters
13574 2014-02-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
13576 * lib/accelerated/x86/aes-cbc-x86-aesni.c,
13577 lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h:
13578 do not redefine the _gnutls_x86_cpuid_s symbol
13580 2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13582 * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
13583 security levels of PFS, SECURE128 and SECURE192 keywords.
13585 2014-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13587 * lib/gnutls_priority.c: reduced security levels of SECURE128 and
13590 2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
13592 * tests/mini-record-2.c: only test libz if it is available
13594 2014-02-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
13596 * tests/mini-record-2.c: check errors from
13597 gnutls_priority_set_direct().
13599 2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13601 * doc/cha-tokens.texi: doc update
13603 2014-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13605 * lib/nettle/rnd.c: increased the interval between reading
13608 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
13610 * po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
13611 po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
13612 po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.
13614 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
13616 * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
13617 src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
13618 certtool option to allow asking for passwords even when in batch
13621 2014-02-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
13623 * src/certtool-common.c: use newlines in error printing
13625 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
13627 * lib/x509/verify.c: when using a PKCS #11 module for verification
13628 ensure that it has been marked a trusted module in p11-kit.
13630 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
13632 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
13633 GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
13634 p11-kit's P11_KIT_MODULE_TRUSTED flag.
13636 2014-02-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
13638 * lib/gnutls_priority.c: use macros to set the level.
13640 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13642 * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
13643 reference manual to remove individual indexes that were not working.
13645 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13647 * tests/suite/ciphersuite/test-ciphersuites.sh: corrected
13648 test-ciphersuites.sh test
13650 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13652 * lib/gnutls_priority.c: consider the initial keyword set even when
13655 2014-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13657 * lib/gnutls_priority.c: When two initial keywords are specified
13658 then treat the second as having the '+' modifier. This will handle SECURE256:SECURE128 the same way as
13659 SECURE256:+SECURE128.
13661 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13663 * lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
13664 multiple initial keywords in a priority string, the security level
13665 set is the one of the lowest security.
13667 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13669 * lib/x509/verify.c: better wording
13671 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13673 * lib/nettle/pk.c: corrected bug in DH exponent size calculation.
13675 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13677 * lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
13678 extension. This is an extension that is defined to be sent by the client but
13679 there are servers that include it as well. Most other
13680 implementations tolerate this behavior so we do.
13682 2014-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13684 * lib/algorithms/ciphersuites.c: corrected typo
13686 2014-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13688 * lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
13689 requirements for all ciphersuites that are not GCM.
13691 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
13693 * lib/nettle/pk.c: return proper error on RSA key generation failure
13695 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
13697 * lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c:
13700 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
13702 * lib/gnutls_hash_int.c: Added sanity check in hash_init() and
13705 2014-01-31 Nikos Mavrogiannopoulos <nmav@redhat.com>
13707 * lib/nettle/rnd.c: use some kind of key continuity in the nonce
13710 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
13714 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
13716 * lib/x509/privkey.c: when importing public keys set the correct
13719 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
13721 * lib/nettle/int/provable-prime.c: allow for seeds larger than the MAX
13724 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
13726 * lib/nettle/int/dsa-keygen-fips186.c: corrected calculation
13728 2014-01-30 Nikos Mavrogiannopoulos <nmav@redhat.com>
13730 * lib/includes/gnutls/gnutls.h.in: corrected prototype
13732 2014-01-29 Nikos Mavrogiannopoulos <nmav@redhat.com>
13734 * lib/libgnutls.map, lib/nettle/Makefile.am,
13735 lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
13736 lib/nettle/pk.c: Added FIPS184-4 RSA key generation.
13738 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13740 * lib/gnutls_db.c, lib/libgnutls.map: rename function
13742 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13744 * lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
13745 lib/libgnutls.map: Added gnutls_db_get_cache_expiration()
13747 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13749 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.
13751 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13755 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13757 * lib/nettle/pk.c: removed unused variables
13759 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13761 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
13762 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
13763 gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().
13765 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13767 * lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
13768 lib/x509/privkey.c: Allow verification of public and private
13771 2014-01-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
13773 * lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
13776 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13778 * tests/resume.c: Added check for gnutls_db_check_entry_time().
13780 2014-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13784 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13786 * lib/gnutls_db.c: correctly read the magic number and timestamp;
13787 report and patch by Jonathan Roudiere
13789 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13791 * doc/scripts/getfuncs-map.pl: updated for new functions
13793 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13795 * NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
13796 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
13797 functions to export. gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
13798 gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
13799 gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
13800 gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw
13802 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13804 * lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
13805 lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512
13807 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13809 * lib/libgnutls.map: exported function needed for fips test
13811 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13813 * lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
13814 lib/gnutls_privkey_raw.c: compile missing file
13816 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13818 * lib/gnutls_privkey.c: indented
13820 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13822 * lib/gnutls_privkey.c: eliminated memory leak when generating a
13823 private key using gnutls_privkey_generate().
13825 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13827 * NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
13828 lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
13829 to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
13830 gnutls_privkey_import_rsa_raw
13832 2014-01-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
13834 * lib/nettle/pk.c: corrected usage of privkey
13836 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13838 * tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
13841 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13843 * lib/x509/common.c: optimized string search in _oid2str table.
13845 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13847 * lib/x509/dn.c: copyright update
13849 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13851 * lib/x509/common.c: fixed null pointer dereference when printing a
13852 name and an LDAP description isn't present for the OID
13854 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13856 * doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
13857 gnutls_realloc_fast to false positives Conflicts: lib/libgnutls.map
13859 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13861 * Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
13862 to release verify that the exported functions in the .map file match
13865 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13867 * lib/libgnutls.map: exported missing functions
13869 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13871 * lib/libgnutls.map: exported function
13873 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13875 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
13876 lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
13879 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13881 * tests/mini-global-load.c: removed non-working test for static
13884 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13886 * lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.
13888 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13892 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13894 * tests/rng-fork.c: increased the number of bytes requested by the
13897 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13899 * lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
13900 The AES-CTR-based nonce random number generator was replaced with
13903 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13905 * .gitignore: more files to ignore
13907 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13909 * lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
13910 lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
13911 function prototypes.
13913 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13915 * lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
13916 the prototype of _gnutls_mpi_div
13918 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13920 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
13921 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
13922 prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
13925 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13927 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
13928 lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
13929 prototype of _gnutls_mpi_powm
13931 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13933 * lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
13934 lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
13935 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
13936 lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
13937 lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
13938 lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
13941 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13943 * lib/nettle/pk.c: reduced warnings
13945 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13947 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
13948 lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
13949 lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
13950 _gnutls_mpi_set_ui, _gnutls_mpi_copy
13952 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13954 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
13955 lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
13958 2014-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13960 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
13961 lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
13962 lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
13963 added _gnutls_mpi_init_multi
13965 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13967 * lib/nettle/rnd.c: reduced the number of system calls made during
13968 the random generator lock.
13970 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13972 * doc/examples/ex-cert-select-pkcs11.c,
13973 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
13974 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
13975 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
13976 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
13977 lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
13978 string by default in examples (not yet).
13980 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13982 * cross.mk: updated
13984 2014-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13986 * lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
13987 to avoid becoming a bottleneck on processes with many threads.
13989 2014-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
13991 * src/common.h: corrected push/pull function setting
13993 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
13995 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
13996 lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()
13998 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
14000 * lib/nettle/int/dsa-keygen-fips186.c,
14001 lib/nettle/int/dsa-validate.c: do not impose limits to index
14003 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
14005 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
14006 lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c:
14007 Fixes in the Shawe-Taylor prime generation routine.
14009 2014-01-24 Nikos Mavrogiannopoulos <nmav@redhat.com>
14011 * lib/nettle/int/provable-prime.c: cleanups
14013 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14015 * lib/nettle/int/dsa-keygen-fips186.c: increased seed length
14017 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14019 * lib/nettle/int/provable-prime.c: cleanups
14021 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14023 * lib/nettle/int/provable-prime.c: indented code
14025 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14027 * lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
14028 _gnutls_pk_params_copy makes a full duplicate.
14030 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14032 * lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
14033 lib/x509/privkey.c: Added macros to allow specifying a subgroup for
14036 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14038 * lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.
14040 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14042 * NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
14043 lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
14044 lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
14045 new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
14046 Added gnutls_privkey_get_pk_rsa_raw: Added
14048 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14050 * lib/libgnutls.map: exported more internal functions
14052 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14054 * lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
14057 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14059 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
14060 lib/nettle/int/dsa-validate.c: Split the generation of keypair from
14061 the generation of parameters.
14063 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14065 * lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
14066 lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
14067 _dsa_validate_dss_g, and other fixes in validation.
14069 2014-01-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14071 * lib/nettle/int/dsa-keygen-fips186.c,
14072 lib/nettle/int/dsa-validate.c: indented files
14074 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
14076 * lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
14077 _dsa_generate_dss_pq
14079 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
14081 * lib/nettle/int/dsa-keygen-fips186.c: fixed copyright
14083 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
14085 * lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
14086 vectors for the fixed implementation.
14088 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
14090 * lib/random.c: register FIPS140 random generator prior to
14093 2014-01-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
14095 * lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
14096 lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
14099 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14101 * lib/nettle/cipher.c: no point to fail on 3DES weak keys.
14103 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14105 * lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.
14107 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14109 * lib/crypto-api.c: use a single context for all stream ciphers.
14111 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14113 * lib/crypto-selftests.c: Added ARCFOUR-128 self test.
14115 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14117 * lib/gnutls_pubkey.c: always set subkey status
14119 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14121 * tests/mini-dtls-record.c: small updates in mini-dtls-record
14123 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14125 * lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS
14127 2014-01-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
14129 * lib/gnutls_handshake.c: simplified client hello generation
14131 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14133 * lib/gnutls_int.h: %COMPAT implies %DUMBFW
14135 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14137 * lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization
14139 2014-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14141 * lib/gnutls_handshake.c: use a single buffer to generate the client
14144 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14148 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14150 * lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
14151 lib/random.c: The FIPS140 random number generator is enabled
14152 conditionally when required.
14154 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14156 * lib/includes/gnutls/gnutls.h.in: removed duplicate function
14158 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14160 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
14161 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
14162 lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
14163 replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.
14165 2014-01-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14167 * lib/gnutls_global.c: use newline
14169 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14171 * lib/gnutls_priority.c: when freeing priority_cache make sure it is
14174 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14176 * lib/gnutls_x509.c: Clarified version
14178 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14180 * NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h:
14181 gnutls_global_set_mem_functions was deprecated
14183 2014-01-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14185 * lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
14186 warning; all systems we support set this function.
14188 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14190 * doc/Makefile.am: generate info documentation in a single file
14192 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14194 * lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
14195 certificates is now replaced by the verification profiles.
14197 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14199 * lib/gnutls_int.h: no need to set profile to LOW as it is already
14202 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14204 * doc/examples/ex-cert-select-pkcs11.c,
14205 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
14206 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
14207 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
14208 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
14209 lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
14212 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14216 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14218 * lib/gnutls_priority.c: decreased certificate verification level to
14219 allow SHA1 as hash.
14221 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14223 * lib/gnutls_int.h, lib/x509/verify.c: When verifying a
14224 certificate's security level ensure that the hash is within the
14227 2014-01-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
14229 * lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
14230 lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()
14232 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14234 * tests/cert-tests/complex-cert.pem: updated test for level rename
14236 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14238 * tests/suppressions.valgrind: updated memxor3 suppression to cope
14239 with any usage of memxor3
14241 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14243 * lib/gnutls_priority.c: The correct priority will be used if SYSTEM
14246 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14248 * lib/x509/verify.c: do not immediately fail on verification failure
14249 due to insecure algorithm.
14251 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14253 * tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
14254 gnutls_priority_set_direct() to set a fixed priority string
14256 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14258 * lib/x509/verify-high.c: avoid allocation.
14260 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14262 * doc/examples/ex-cert-select-pkcs11.c,
14263 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
14264 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
14265 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
14266 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
14267 priorities based on version number in examples, and add dependency
14270 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14272 * doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
14273 doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
14274 doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
14275 doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
14276 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
14277 lib/gnutls_priority.c: changes in SYSTEM semantics to allow
14278 appending rules to the default policy.
14280 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14282 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c:
14283 Added the SYSTEM priority string initial keyword. That allows a compile-time specified configuration file to be used
14284 to read the priorities. That can be used to impose system specific
14287 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14289 * lib/gnutls_priority.c: Weak sec-param was replaced with Low.
14291 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14293 * tests/sec-params.c: updated sec-params check
14295 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14297 * doc/cha-gtls-app.texi: doc update
14299 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14301 * NEWS, src/certtool-common.c, src/serv.c: more updates for the
14302 security param rename
14304 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14306 * tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
14307 test to check the expected values of security parameters.
14309 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14311 * doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update
14313 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14315 * lib/algorithms/secparams.c: security levels aligned to ENISA and
14316 other common practice recommendations.
14318 2014-01-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
14320 * NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
14321 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
14322 lib/priority_options.gperf, lib/x509/verify.c:
14323 GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
14324 Also when setting a PROFILE explicitly as priority string the
14325 session security level is adjusted accordingly.
14327 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14329 * doc/cha-gtls-app.texi: doc update
14331 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14333 * lib/Makefile.am, lib/gnutls_priority.c,
14334 lib/priority_options.gperf: Use gperf to find priority string
14337 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14339 * lib/gnutls_priority.c: verification profiles can be set
14340 individually as well.
14342 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14344 * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
14347 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14349 * lib/gnutls_priority.c: increased the overall security level unless
14350 %COMPAT is specified.
14352 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14354 * lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
14355 verification profiles when setting priority strings
14357 2014-01-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
14359 * lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c:
14360 Added certificate verification profiles.
14362 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
14364 * lib/x509/verify.c: simplified _gnutls_verify_certificate2().
14366 2014-01-10 Nikos Mavrogiannopoulos <nmav@redhat.com>
14368 * lib/x509/verify.c: consistency changes.
14370 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14372 * lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
14375 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14379 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14381 * lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
14382 lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
14383 lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
14384 now kept in trust list instead of the credentials parameters. This is however not enabled by default. When adding CAs to trust
14385 list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
14386 RDN sequence. This flag is for now only useful internally in gnutls.
14388 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14390 * tests/x509dn.c: simplified x509dn
14392 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14394 * lib/gnutls_x509.c: doc update
14396 2014-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14398 * tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
14399 set_pkcs12_cred test.
14401 2014-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14403 * NEWS, lib/pkcs11.c: doc update
14405 2014-01-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
14407 * src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
14408 servers Without this patch, a TLS 1.2-only server will not be properly
14409 investigated by gnutls-cli-debug. e.g. a server like: gnutls-serv --x509keyfile=server/secret.key
14410 --x509certfile=server/x509.pem --priority
14411 'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
14412 localhost Resolving 'localhost'... Connecting to '::1:5556'...
14413 Checking for SSL 3.0 support... no Checking whether %COMPAT is
14414 required... yes Checking for TLS 1.0 support... no Checking for TLS
14415 1.1 support... no Checking fallback from TLS 1.1 to... failed
14416 Checking for TLS 1.2 support... yes Checking whether we need to
14417 disable TLS 1.2... N/A Checking whether we need to disable TLS
14418 1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
14419 dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
14421 2014-01-06 Nils Maier <maierman@web.de>
14423 * lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
14424 using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
14425 full packet before setting priv->expect_cstatus = 0, or else
14426 CERTIFICATE STATUS packets won't be processed in subsequent calls at
14427 all, leaving them in the buffer and therefore causing later
14428 connection aborts. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
14430 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14432 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
14433 lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
14434 renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
14435 looking for a trusted certificate.
14437 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14439 * lib/gnutls_x509.c: simplified
14440 gnutls_certificate_set_x509_crl_file/mem.
14442 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14444 * lib/gnutls_x509.c: simplified
14445 gnutls_certificate_set_x509_trust_file/mem.
14447 2014-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14449 * lib/x509/verify-high2.c: use gnutls_strdup
14451 2014-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14455 2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14457 * tests/Makefile.am: mini-record-2 moved to front.
14459 2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
14461 * lib/crypto-selftests-pk.c: removed debugging
14463 2014-01-03 Nikos Mavrogiannopoulos <nmav@redhat.com>
14465 * lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
14466 PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
14467 and distrust (blacklists).
14469 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14471 * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
14472 lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()
14474 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14476 * lib/pkcs11.c: more sensible names in find data private structures.
14478 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14482 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14484 * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
14485 gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
14486 GNUTLS_PKCS11_ISSUER_ANY is not specified.
14488 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14492 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14494 * lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
14495 lib/pkcs11_write.c: unified PKCS#11 debug messages
14497 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14499 * configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
14500 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h:
14501 Updated PKCS #11 support for
14502 gnutls_x509_trust_list_add_trust_file(). It will now use the PKCS #11 trust URL while verifying instead of
14503 importing all CAs. That way it allows verification on the spot
14504 without requiring the gnutls to restart in case of a blacklisted CA.
14506 2014-01-02 Nikos Mavrogiannopoulos <nmav@redhat.com>
14510 2014-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14512 * src/p11tool-args.def: Added documentation for force autogen to
14513 generate correct texinfo code.
14515 2013-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14519 2013-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14523 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14525 * tests/resume-dtls.c, tests/resume.c: resume tests will not block
14528 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14530 * lib/gnutls_global.c: moved constructor definitions to macros to
14531 allow easier extensions to other systems.
14533 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14535 * tests/rng-fork.c: perform the iteration check on both rngs.
14537 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14539 * tests/suppressions.valgrind: Add suppression for nettle's memxor3
14541 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14545 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14547 * tests/mini-dtls-record.c: updated
14549 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14551 * lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
14552 the current size of the client hello.
14554 2013-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14556 * lib/ext/dumbfw.c: doc update
14558 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14560 * lib/ext/dumbfw.c: do not pad when the client hello size is
14561 sufficiently small.
14563 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14565 * lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
14566 padding if the hello data are already too long.
14568 2013-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14570 * lib/Makefile.am: export only xssl symbols; small patch by Andreas
14573 2013-12-26 Gustavo Zacarias <gustavo@zacarias.com.ar>
14575 * src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
14576 glibc where it's defined in librt rather than libc directly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
14578 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14580 * lib/nettle/pk.c: limit the size of the DH exponent
14582 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14584 * lib/nettle/pk.c: unified constants
14586 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14588 * tests/fips-test.c: Do not run the fips-test when not in fips mode
14590 2013-12-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14592 * lib/ext/session_ticket.c, lib/ext/status_request.c,
14593 lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h:
14594 simplified gnutls_handshake_alloc
14596 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14598 * lib/pkcs11_write.c: do not specify a default class when searching
14599 for objects to delete This fixed issue when trying to delete all the keys in a token by
14600 using the token URL.
14602 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14604 * src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
14605 flag to force security officer login to the card
14607 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14609 * src/pkcs11.c: updated txt
14611 2013-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14613 * src/pkcs11.c: print warning when no token name is provided
14615 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14617 * lib/x509/common.c: Added userPrincipalName
14619 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14621 * libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
14622 parameter is ignored.
14624 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14626 * src/cli.c: corrected key ID size check
14628 2013-12-23 Nikos Mavrogiannopoulos <nmav@redhat.com>
14630 * configure.ac: Ported Alon's patch to correctly check for librt (et
14631 al.) This also makes clock_gettime() check independent of the FIPS140
14634 2013-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14636 * src/p11tool-args.def: Added aliases list-privkeys and list-keys
14638 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14640 * lib/system.c: undefine select as well in win32
14642 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14644 * tests/mini-dtls-large.c, tests/mini-dtls-record.c,
14645 tests/mini-handshake-timeout.c: corrected some tests to operate
14646 silently under valgrind
14648 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14650 * tests/mpi.c, tests/x509cert-tl.c: corrected leaks
14652 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14654 * lib/system.c: do not use the gnulib wrappers in win32
14656 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14658 * src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
14659 set the gnulib functions for recv and send.
14661 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14663 * lib/accelerated/x86/elf/cpuid-x86_64.s: updated
14665 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14667 * tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
14670 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14672 * tests/x509cert-tl.c: corrected check
14674 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14676 * lib/x509/verify-high.c: removed debugging
14678 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14680 * tests/pkcs12_s2k.c: corrected paths
14682 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14684 * lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c:
14685 pkcs11_get_random was renamed
14687 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14689 * lib/accelerated/x86/coff/aes-ssse3-x86.s,
14690 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
14691 lib/accelerated/x86/coff/aesni-x86.s,
14692 lib/accelerated/x86/coff/aesni-x86_64.s,
14693 lib/accelerated/x86/coff/cpuid-x86.s,
14694 lib/accelerated/x86/coff/cpuid-x86_64.s,
14695 lib/accelerated/x86/coff/e_padlock-x86.s,
14696 lib/accelerated/x86/coff/e_padlock-x86_64.s,
14697 lib/accelerated/x86/coff/ghash-x86_64.s,
14698 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
14699 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
14700 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
14701 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
14702 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
14703 lib/accelerated/x86/elf/aes-ssse3-x86.s,
14704 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
14705 lib/accelerated/x86/elf/aesni-x86_64.s,
14706 lib/accelerated/x86/elf/cpuid-x86_64.s,
14707 lib/accelerated/x86/elf/e_padlock-x86.s,
14708 lib/accelerated/x86/elf/e_padlock-x86_64.s,
14709 lib/accelerated/x86/elf/ghash-x86_64.s,
14710 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
14711 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
14712 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
14713 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
14714 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
14715 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
14716 lib/accelerated/x86/macosx/aesni-x86.s,
14717 lib/accelerated/x86/macosx/aesni-x86_64.s,
14718 lib/accelerated/x86/macosx/cpuid-x86.s,
14719 lib/accelerated/x86/macosx/cpuid-x86_64.s,
14720 lib/accelerated/x86/macosx/e_padlock-x86.s,
14721 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
14722 lib/accelerated/x86/macosx/ghash-x86_64.s,
14723 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
14724 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
14725 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
14726 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
14727 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
14730 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14732 * cfg.mk: correctly generate asm sources
14734 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14736 * cfg.mk: gnu note for stack only used in ELF
14738 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14740 * lib/accelerated/x86/coff/openssl-cpuid-x86.s,
14741 lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
14742 lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
14743 lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
14746 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14748 * lib/Makefile.am, lib/accelerated/Makefile.am,
14749 lib/accelerated/accelerated.c: Improved nettle check for
14750 registration of accelerated ciphers.
14752 2013-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14754 * lib/accelerated/x86/Makefile.am: use the correct sources in win32
14757 2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14759 * lib/Makefile.am: simplified deps
14761 2013-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14763 * lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: lib/Makefile.am
14765 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
14767 * tests/suite/testdane: updated danetool
14769 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
14771 * lib/algorithms/ecc.c: changed default to 256R1
14773 2013-12-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
14775 * src/serv-args.def: doc update
14777 2013-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14779 * lib/Makefile.am: the accelerated library is depending on nettle
14782 2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14784 * src/certtool-args.def: doc update
14786 2013-12-17 Nikos Mavrogiannopoulos <nmav@redhat.com>
14788 * doc/cha-tokens.texi: updated to account the file format p11-kit
14791 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14795 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14797 * devel/openssl: restricted submodule to a specific version
14799 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14801 * .gitignore, cfg.mk: bootstrap will initialize the submodules
14803 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14805 * lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
14806 lib/accelerated/x86/coff/aesni-x86_64.s,
14807 lib/accelerated/x86/coff/e_padlock-x86_64.s,
14808 lib/accelerated/x86/coff/ghash-x86_64.s,
14809 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
14810 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
14811 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
14812 lib/accelerated/x86/elf/aesni-x86_64.s,
14813 lib/accelerated/x86/elf/e_padlock-x86_64.s,
14814 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
14815 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
14816 lib/accelerated/x86/macosx/aesni-x86_64.s,
14817 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
14818 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files
14820 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14822 * .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
14823 devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
14824 devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
14825 devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
14826 devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
14827 devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
14828 devel/perlasm/openssl-cpuid-x86.pl.license,
14829 devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
14830 devel/perlasm/sha1-ssse3-x86_64.pl,
14831 devel/perlasm/sha256-ssse3-x86.pl,
14832 devel/perlasm/sha512-ssse3-x86.pl,
14833 devel/perlasm/sha512-ssse3-x86_64.pl,
14834 devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
14835 devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
14836 devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
14837 using git submodule
14839 2013-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14843 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14845 * configure.ac, lib/system.c: Added configure option
14846 --with-default-blacklist-file This option allows to specify a file containing blacklisted
14849 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14851 * lib/x509/verify-high.c, lib/x509/verify-high2.c:
14852 gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
14853 black list. When a CA or certificate is removed from the trusted list, it is
14854 also added in a blacklist to ensure that it will not be accepted due
14855 to interdependency (e.g., it is a subordinate CA), or because it is
14858 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14860 * lib/x509/verify-high2.c: Corrected documentation for
14861 gnutls_x509_trust_list_add_trust_*
14863 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14865 * lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
14866 in gnutls_pkcs11_reinit.
14868 2013-12-16 Nikos Mavrogiannopoulos <nmav@redhat.com>
14870 * lib/nettle/mac.c: Avoid verbose logging
14872 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14874 * lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h:
14875 use better definitions
14877 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14879 * tests/mini-cert-status.c: doc update
14881 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14885 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14887 * lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
14888 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
14889 lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
14890 lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
14891 boundaries the buffers provided to cryptodev. When gnutls is compiled with support for cryptodev, the buffers
14892 provided to crypto backend are ensured to be 16-byte aligned (except
14893 the ones provided by the user). That increases performance in
14894 several crypto accelerators.
14896 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14898 * tests/mini-dtls-large.c: updated to correspond to new fail()
14900 2013-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14902 * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
14903 lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
14906 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14908 * lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
14909 lib/accelerated/x86/aes-cbc-x86-aesni.c,
14910 lib/accelerated/x86/aes-cbc-x86-ssse3.c,
14911 lib/accelerated/x86/aes-gcm-padlock.c,
14912 lib/accelerated/x86/aes-gcm-x86-aesni.c,
14913 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
14914 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
14915 lib/accelerated/x86/aes-padlock.c,
14916 lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
14917 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
14918 lib/accelerated/x86/hmac-x86-ssse3.c,
14919 lib/accelerated/x86/sha-padlock.c,
14920 lib/accelerated/x86/sha-padlock.h,
14921 lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
14922 lib/accelerated/x86/x86-common.c: reorganized source files.
14924 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14926 * lib/accelerated/x86/Makefile.am,
14927 lib/accelerated/x86/aes-gcm-x86-aesni.c,
14928 lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
14929 AESNI is available without PCLMUL, then use AES-NI in GCM.
14931 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14933 * lib/accelerated/x86/aes-gcm-padlock.c,
14934 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
14935 lib/accelerated/x86/aes-x86.c: addressed warning
14937 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14939 * lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
14942 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14944 * lib/accelerated/x86/Makefile.am,
14945 lib/accelerated/x86/hmac-x86-ssse3.c,
14946 lib/accelerated/x86/hmac-x86.c,
14947 lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c:
14948 use better names for files
14950 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14952 * lib/accelerated/x86/aes-gcm-padlock.c,
14953 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
14954 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
14955 lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
14956 lib/accelerated/x86/hmac-padlock.c: zeroize keys
14958 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14960 * lib/accelerated/x86/Makefile.am,
14961 lib/accelerated/x86/aes-gcm-x86-pclmul.c,
14962 lib/accelerated/x86/aes-gcm-x86-ssse3.c,
14963 lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
14964 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
14965 lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
14966 PCLMUL isn't available use the SSSE3 implementation of AES to
14969 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14971 * src/benchmark-tls.c: removed UMAC ciphersuites from benchmark
14973 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14975 * src/benchmark-tls.c: removed the estream ciphersuites from
14978 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
14980 * cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
14981 devel/perlasm/aes-ssse3-x86.pl.license,
14982 devel/perlasm/aes-ssse3-x86_64.pl,
14983 devel/perlasm/aes-ssse3-x86_64.pl.license,
14984 devel/perlasm/aesni-x86.pl.license,
14985 devel/perlasm/aesni-x86_64.pl.license,
14986 devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
14987 devel/perlasm/cpuid-x86_64.pl.license,
14988 devel/perlasm/e_padlock-x86.pl.license,
14989 devel/perlasm/e_padlock-x86_64.pl.license,
14990 devel/perlasm/ghash-x86.pl.license,
14991 devel/perlasm/ghash-x86_64.pl.license,
14992 devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
14993 devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
14994 devel/perlasm/openssl-cpuid-x86.pl.license,
14995 devel/perlasm/ppc-xlate.pl.license,
14996 devel/perlasm/sha1-ssse3-x86.pl.license,
14997 devel/perlasm/sha1-ssse3-x86_64.pl.license,
14998 devel/perlasm/sha256-ssse3-x86.pl.license,
14999 devel/perlasm/sha512-ssse3-x86.pl.license,
15000 devel/perlasm/sha512-ssse3-x86_64.pl.license,
15001 lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
15002 lib/accelerated/x86/coff/aes-ssse3-x86.s,
15003 lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
15004 lib/accelerated/x86/coff/aesni-x86.s,
15005 lib/accelerated/x86/coff/aesni-x86_64.s,
15006 lib/accelerated/x86/coff/cpuid-x86.s,
15007 lib/accelerated/x86/coff/cpuid-x86_64.s,
15008 lib/accelerated/x86/coff/e_padlock-x86.s,
15009 lib/accelerated/x86/coff/e_padlock-x86_64.s,
15010 lib/accelerated/x86/coff/ghash-x86_64.s,
15011 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
15012 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
15013 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
15014 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
15015 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
15016 lib/accelerated/x86/elf/aes-ssse3-x86.s,
15017 lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
15018 lib/accelerated/x86/elf/aesni-x86.s,
15019 lib/accelerated/x86/elf/aesni-x86_64.s,
15020 lib/accelerated/x86/elf/cpuid-x86.s,
15021 lib/accelerated/x86/elf/cpuid-x86_64.s,
15022 lib/accelerated/x86/elf/e_padlock-x86.s,
15023 lib/accelerated/x86/elf/e_padlock-x86_64.s,
15024 lib/accelerated/x86/elf/ghash-x86_64.s,
15025 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
15026 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
15027 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
15028 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
15029 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
15030 lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
15031 lib/accelerated/x86/macosx/aes-ssse3-x86.s,
15032 lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
15033 lib/accelerated/x86/macosx/aesni-x86.s,
15034 lib/accelerated/x86/macosx/aesni-x86_64.s,
15035 lib/accelerated/x86/macosx/cpuid-x86.s,
15036 lib/accelerated/x86/macosx/cpuid-x86_64.s,
15037 lib/accelerated/x86/macosx/e_padlock-x86.s,
15038 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
15039 lib/accelerated/x86/macosx/ghash-x86_64.s,
15040 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
15041 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
15042 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
15043 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
15044 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
15045 Hamburg's SSSE3 AES implementation.
15047 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15049 * doc/Makefile.am, doc/manpages/Makefile.am: doc update
15051 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15053 * cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
15054 devel/perlasm/sha1-ssse3-x86.pl,
15055 devel/perlasm/sha1-ssse3-x86_64.pl,
15056 devel/perlasm/sha256-ssse3-x86.pl,
15057 devel/perlasm/sha512-ssse3-x86.pl,
15058 devel/perlasm/sha512-ssse3-x86_64.pl,
15059 lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
15060 lib/accelerated/x86/aes-x86.c,
15061 lib/accelerated/x86/coff/aesni-x86.s,
15062 lib/accelerated/x86/coff/aesni-x86_64.s,
15063 lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
15064 lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
15065 lib/accelerated/x86/coff/appro-aes-x86-coff.s,
15066 lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
15067 lib/accelerated/x86/coff/cpuid-x86-coff.s,
15068 lib/accelerated/x86/coff/cpuid-x86.s,
15069 lib/accelerated/x86/coff/cpuid-x86_64.s,
15070 lib/accelerated/x86/coff/e_padlock-x86.s,
15071 lib/accelerated/x86/coff/e_padlock-x86_64.s,
15072 lib/accelerated/x86/coff/ghash-x86_64.s,
15073 lib/accelerated/x86/coff/openssl-cpuid-x86.s,
15074 lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
15075 lib/accelerated/x86/coff/padlock-x86-64-coff.s,
15076 lib/accelerated/x86/coff/padlock-x86-coff.s,
15077 lib/accelerated/x86/coff/sha1-ssse3-x86.s,
15078 lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
15079 lib/accelerated/x86/coff/sha256-avx-x86_64.s,
15080 lib/accelerated/x86/coff/sha256-ssse3-x86.s,
15081 lib/accelerated/x86/coff/sha512-ssse3-x86.s,
15082 lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
15083 lib/accelerated/x86/elf/aesni-x86.s,
15084 lib/accelerated/x86/elf/aesni-x86_64.s,
15085 lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
15086 lib/accelerated/x86/elf/appro-aes-x86-64.s,
15087 lib/accelerated/x86/elf/appro-aes-x86.s,
15088 lib/accelerated/x86/elf/cpuid-x86-64.s,
15089 lib/accelerated/x86/elf/cpuid-x86_64.s,
15090 lib/accelerated/x86/elf/e_padlock-x86.s,
15091 lib/accelerated/x86/elf/e_padlock-x86_64.s,
15092 lib/accelerated/x86/elf/ghash-x86_64.s,
15093 lib/accelerated/x86/elf/padlock-x86-64.s,
15094 lib/accelerated/x86/elf/padlock-x86.s,
15095 lib/accelerated/x86/elf/sha1-ssse3-x86.s,
15096 lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
15097 lib/accelerated/x86/elf/sha256-avx-x86_64.s,
15098 lib/accelerated/x86/elf/sha256-ssse3-x86.s,
15099 lib/accelerated/x86/elf/sha512-ssse3-x86.s,
15100 lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
15101 lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
15102 lib/accelerated/x86/macosx/aesni-x86.s,
15103 lib/accelerated/x86/macosx/aesni-x86_64.s,
15104 lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
15105 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
15106 lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
15107 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
15108 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
15109 lib/accelerated/x86/macosx/cpuid-x86.s,
15110 lib/accelerated/x86/macosx/cpuid-x86_64.s,
15111 lib/accelerated/x86/macosx/e_padlock-x86.s,
15112 lib/accelerated/x86/macosx/e_padlock-x86_64.s,
15113 lib/accelerated/x86/macosx/ghash-x86_64.s,
15114 lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
15115 lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
15116 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
15117 lib/accelerated/x86/macosx/padlock-x86-macosx.s,
15118 lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
15119 lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
15120 lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
15121 lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
15122 lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
15123 lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
15124 lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
15125 lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
15128 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15130 * lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h:
15131 Utilize the optimized SHA functions in Padlock HMAC.
15133 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15135 * src/Makefile.am: use a single BUILT_SOURCES
15137 2012-05-03 Patrick Pelletier <code@funwithsoftware.org>
15139 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
15140 doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
15141 lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def:
15142 minor phrasing improvements in docs
15144 2013-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15146 * src/Makefile.am: Added auto-generated files in BUILT_SOURCES
15148 2013-12-13 Jared Wong <jaredlwong@gmail.com>
15150 * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
15151 line_size. All checks were being done where the line_size check was done last.
15152 This allows data to be read from one past the end of the line
15153 buffer. In C, accessing data outside of an array is undefined
15154 behavior and may cause yet known problems. Additionally, the
15155 compiler may end up making some unreasonable assumptions under the
15156 pretense that the programmer is never wrong and would not access
15157 data outside of the array.
15159 2013-12-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15161 * src/libopts/m4/libopts.m4: Avoid conditional generation of
15164 2013-12-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15166 * lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
15167 prime size as well.
15169 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15173 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15175 * lib/libgnutls.map: exported function
15177 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15179 * lib/gnutls_buffers.c, lib/gnutls_record.c,
15180 lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.
15182 2013-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15184 * Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
15185 gnu-ism in Makefiles
15187 2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15189 * lib/gnutls_global.c: simplified logic
15191 2013-12-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15193 * lib/fips.c: Correctly detect the FIPS140-2 HMAC file.
15195 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15197 * lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
15198 lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
15199 exported pkcs11 functions initialize PKCS #11.
15201 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15203 * lib/pkcs11.c: fixes in PKCS #11 initialization
15205 2013-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15207 * lib/gnutls_handshake.c: provide imprecise time as gmt time.
15209 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
15211 * lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
15212 auto-reinitialization.
15214 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
15216 * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c:
15217 fully initialize the PKCS #11 subsystem only when it is needed to.
15219 2013-12-09 Nikos Mavrogiannopoulos <nmav@redhat.com>
15221 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
15222 lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
15223 lib/nettle/mac.c: FIPS140 mode is detected on run-time. That allows a library compiled in FIPS140 mode to operate as the
15224 full library if the system is not in FIPS mode.
15226 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15228 * .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
15229 check to verify that gnutls_global_init() is run on the library
15232 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15234 * tests/global-init.c: converted to a simple check for
15235 gnutls_global_init() as gnutls_global_init2() will not be added.
15237 2013-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15239 * lib/pkcs11.c: call p11_kit_modules_load() with null argument.
15241 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
15243 * configure.ac: only use LT_INIT
15245 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
15249 2013-12-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
15251 * configure.ac: disable static library build by default
15253 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
15255 * NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
15256 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
15257 gnutls_global_init2() is no longer exported.
15259 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
15261 * NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update
15263 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
15265 * lib/pkcs11.c: Added automatic reinitialization on fork() on the
15266 PKCS #11 subsystem.
15268 2013-12-05 Nikos Mavrogiannopoulos <nmav@redhat.com>
15270 * lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
15271 lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
15274 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15278 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15280 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
15281 lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c:
15282 Use a DRBG-AES to generate nonces rather than the yarrow RNG.
15284 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15286 * lib/nettle/rnd-fips.c: getpid() is conditionally used.
15288 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15290 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
15291 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
15292 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
15293 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
15294 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
15295 auto-generated files
15297 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15299 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
15300 tests/fips-test.c: removed zombie mode, and no longer use fips140.h
15302 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15304 * lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
15305 lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
15308 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15310 * lib/fips.c: simplified func
15312 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15314 * lib/crypto-api.c, lib/nettle/pk.c: corrected macros
15316 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15318 * tests/rng-fork.c: Check whether the RNG can perform many
15319 iterations without error.
15321 2013-12-04 Nikos Mavrogiannopoulos <nmav@redhat.com>
15323 * lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
15324 lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
15325 exceed a number of iterations.
15327 2013-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15329 * lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
15330 mutex to avoid any side-effects.
15332 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15334 * lib/locks.h: re-initialize a deleted statically initialized mutex
15336 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15340 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15342 * lib/nettle/pk.c: Added hack for nettle's checks.
15344 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15346 * lib/algorithms/secparams.c: adjusted parameters in normal level
15347 for DSA to match nettle's abilities.
15349 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15351 * src/certtool.c: added newlines in error reporting
15353 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15355 * lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
15356 tests when used from slow/cipher-test
15358 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15362 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15364 * tests/global-init.c: updated test for the universal lib
15367 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15369 * lib/gnutls_global.c: removed deadlock from gnutls_global.c
15371 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15373 * lib/fips.c, lib/gnutls_global.c: constructor and destructors were
15374 moved outside the FIPS140 mode.
15376 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15378 * tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
15379 when not in FIPS140 mode.
15381 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15383 * lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c:
15384 fips140_simulate_error -> lib_simulate_error
15386 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15388 * lib/algorithms/secparams.c: adjusted subgroup bits to be
15389 compatible with DSA requirements.
15391 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15393 * lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
15394 lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
15395 lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
15396 lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
15397 lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
15398 library state is used even when not in FIPS mode. This allows having an error state that blocks the library usage even
15399 when not in FIPS mode.
15401 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15403 * : Merged the FIPS140-2 support code. Conflicts: lib/gnutls_global.c tests/mini-overhead.c
15405 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15407 * cross.mk: updated cross.mk
15409 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15411 * src/common.c: removed usage of %zu.
15413 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15415 * tests/mini-overhead.c: updated mini-overhead to account for the
15416 removal of salsa20+umac
15418 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15420 * lib/system.h: Detect the presence of posix locks even without
15421 being linked to libpthread.
15423 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15425 * src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
15428 2013-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15430 * configure.ac: remove bashism.
15432 2013-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15434 * doc/cha-tokens.texi: doc update
15436 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15438 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
15440 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15442 * doc/reference/gnutls-docs.sgml: updated links in reference.
15443 Reported by Nico R.
15445 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15447 * doc/reference/gnutls-docs.sgml: Added 3.2 to reference API
15449 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15451 * doc/reference/gnutls-docs.sgml: updated links in reference.
15452 Reported by Nico R.
15454 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15456 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
15457 updated addresses and URLs. Reported by Nico R.
15459 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15461 * doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi:
15462 updated addresses and URLs. Reported by Nico R.
15464 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15466 * lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
15467 *structors to fips.c
15469 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15471 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
15474 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15476 * lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
15479 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15481 * lib/crypto-selftests-pk.c: Added ECDH known answer test.
15483 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15485 * lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
15486 Diffie-Hellman key exchange.
15488 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15490 * lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
15493 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15495 * lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c:
15496 compacted DH support files.
15498 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15500 * lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
15501 they are not needed.
15503 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15505 * lib/x509/privkey.c: When checking the generated DSA params make
15506 sure that the data to be signed have the proper size.
15508 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15510 * lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
15511 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
15512 lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
15513 lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
15514 exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
15515 functions. This allows handling DH key generation in the crypto backend files.
15517 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15519 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
15521 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15523 * doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update
15525 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15527 * lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
15528 lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
15529 DRBG-AES generator by using a counter (with an arbitrary initial
15532 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15534 * lib/x509/privkey.c: Added pairwise consistency test on key
15537 2013-11-28 Nikos Mavrogiannopoulos <nmav@redhat.com>
15539 * lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero
15541 2013-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
15543 * doc/certtool.cfg: updated example certtool.cfg
15545 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15547 * lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
15548 a compiler optimizing out calls.
15550 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15552 * lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
15553 DH and DSA key q size.
15555 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15557 * lib/algorithms/secparams.c: corrected params for ULTRA level
15559 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15563 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15565 * tests/mini-record-2.c: Re-run receiving tests on server side, to
15566 allow any valgrind errors to propagate to exit code.
15568 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15570 * lib/fips.c: Perform an integrity check on all supporting libraries
15572 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15574 * src/certtool.c: In FIPS mode the default cipher is AES.
15576 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
15578 * configure.ac: Do not link gnutls against librt unless it is
15581 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
15583 * configure.ac: checks FIPS-140 lib requirements, moved after
15584 clock_gettime() is checked for.
15586 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15588 * lib/opencdk/armor.c: removed unused function
15590 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15592 * lib/opencdk/pubkey.c: removed unused variable
15594 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15596 * lib/crypto-selftests-pk.c, tests/mini-xssl.c,
15597 tests/pkcs12_simple.c: Skip tests that require the non-suiteb
15600 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15602 * lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h:
15603 _gnutls_privkey_decode_ecc_key() returns integers as error code to
15604 distinguish error conditions.
15606 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15608 * configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
15609 to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
15612 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15616 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15618 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
15619 lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
15620 lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
15621 lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
15622 tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
15623 parameter generator.
15625 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15627 * lib/nettle/rnd-fips.c: removed unneeded newlines
15629 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15631 * .gitignore: more files ignored
15633 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15635 * configure.ac, lib/nettle/Makefile.am, lib/nettle/gcm-camellia.c,
15636 lib/nettle/gcm-camellia.h, lib/nettle/int/drbg-aes-self-test.c,
15637 lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
15638 lib/nettle/int/gcm-camellia.c, lib/nettle/int/gcm-camellia.h,
15639 lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls.
15641 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15643 * tests/mini-record-2.c: Added deflate compression tests with
15644 AES-GCM in order to be tested in FIPS mode.
15646 2013-11-25 Nikos Mavrogiannopoulos <nmav@redhat.com>
15648 * lib/crypto-api.c: corrected comparison
15650 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15652 * lib/crypto-api.c: Allow MD5 hash in zombie mode
15654 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15656 * lib/gnutls_errors.h: fixed bug
15658 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15660 * tests/Makefile.am: don't run openssl (md5) when in fips mode
15662 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15664 * lib/fips.c, tests/fips-test.c: separate zombie mode from
15665 operational fips mode
15667 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15669 * tests/fips-test.c: modified to account for zombie mode
15671 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15673 * lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
15676 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15678 * lib/x509/privkey_openssl.c: beautified table
15680 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15682 * NEWS: added new functions
15684 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15686 * lib/crypto-selftests-pk.c: eliminated memory leak on PK self
15689 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15691 * lib/gnutls_errors.c, lib/gnutls_global.c,
15692 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
15693 lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c:
15694 Added gnutls_global_init2(). This allows initializing gnutls in a
15695 constructor in FIPS140 mode
15697 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15699 * lib/fips.c: Added an audit message in self test failure
15701 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15703 * lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
15706 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15708 * lib/fips.c: binary integrity self test moved to end
15710 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15712 * lib/gnutls_errors.h: simplified debugging levels.
15714 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15716 * lib/x509_b64.c: silence some errors
15718 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15720 * lib/nettle/rnd-fips.c: updated
15722 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15724 * lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c:
15725 Better handling of FIPS140-2 initialization
15727 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15729 * lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
15730 lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows
15731 determining which curves are available.
15733 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15735 * lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c:
15736 gnutls_key_generate() is restricted by the size of the initial RNG
15737 seed in FIPS140-2 mode.
15739 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15741 * lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
15744 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15746 * lib/nettle/pk.c: when using the rng() with a void option use the
15747 FIPS state to indicate errors.
15749 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15751 * tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
15752 tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
15753 tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c:
15754 Restrict the number of tests run on FIPS140-2 mode.
15756 2013-11-22 Nikos Mavrogiannopoulos <nmav@redhat.com>
15758 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
15759 lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
15760 lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
15761 FIPS140-2 mode disable non-conformant ciphers, MAC and hash
15764 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
15766 * lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c:
15767 Use nettle for the generation of DH group parameters.
15769 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
15771 * lib/nettle/pk.c: no need to memset. It should have been
15774 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
15776 * tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
15777 tests/cert-tests/ca-no-pathlen.pem,
15778 tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
15779 not involve the security level into the certificate comparisons.
15781 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
15783 * lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
15784 lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
15785 pk_generate_params() and pk_generate_keys(). This allows using the pk_generate interface to get DH parameters and
15788 2013-11-20 Nikos Mavrogiannopoulos <nmav@redhat.com>
15790 * lib/algorithms/secparams.c: restricted combinations of security
15791 parameters in FIPS mode.
15793 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
15795 * lib/nettle/rnd-fips.c: removed the initialized static variable.
15797 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
15799 * lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
15800 lib/nettle/rnd-fips.c: Corrected _rnd_get_event().
15802 2013-11-19 Nikos Mavrogiannopoulos <nmav@redhat.com>
15804 * lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
15805 lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
15806 lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c:
15807 Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
15810 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
15812 * tests/rng-fork.c: In rng_fork test all random generators.
15814 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
15816 * lib/nettle/rnd-fips.c: comments updated to conform to the modified
15819 2013-11-18 Nikos Mavrogiannopoulos <nmav@redhat.com>
15821 * lib/nettle/rnd-fips.c: removed external test functions
15823 2013-11-15 Nikos Mavrogiannopoulos <nmav@redhat.com>
15825 * .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
15826 lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
15827 lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
15828 libgcrypt's AES-based DRBG.
15830 2013-11-14 Nikos Mavrogiannopoulos <nmav@redhat.com>
15832 * lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
15833 lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
15836 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15838 * lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
15839 lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
15842 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15844 * lib/x509/privkey_pkcs8.c: corrected typo
15846 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15848 * lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
15849 lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
15852 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15854 * lib/x509/privkey_openssl.c: more keys are zeroized
15856 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15858 * m4/hooks.m4: require libtasn1 3.4
15860 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15862 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
15863 lib/minitasn1/element.c, lib/minitasn1/element.h,
15864 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
15865 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
15866 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
15867 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
15868 lib/minitasn1/version.c: updated libtasn1 version
15870 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15872 * lib/nettle/pk.c: use the most appropriate nettle function
15874 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15876 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
15877 lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
15878 lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
15879 lib/x509/privkey_pkcs8.c: better naming for free_datum functions.
15881 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15883 * lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
15884 lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
15885 lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
15886 buffers of private keys.
15888 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
15890 * lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
15891 ECC secret scalars and points.
15893 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15895 * lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
15896 lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
15897 lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
15898 lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
15899 lib/nettle/mac.c: Added zeroization of keys in several parts within
15902 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15904 * lib/gnutls_dh.c: doc update
15906 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15908 * lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
15911 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15913 * lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
15914 _gnutls_mpi_release()
15916 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
15918 * NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
15919 lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
15920 lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
15921 tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
15922 and added a self test for it.
15924 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15926 * lib/fips.c, lib/fips.h: Added binary integrity test
15928 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15930 * configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
15931 lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
15932 lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
15933 lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
15934 lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
15935 lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
15936 lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
15937 for fips states. This implies that when in FIPS mode and the library is not in
15938 operational state (i.e., all self checks succeeded), crypto
15939 functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
15941 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15943 * lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
15944 tests/slow/cipher-test.c: indented code
15946 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
15950 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
15952 * configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
15953 tests/slow/cipher-test.c: Self checks are conditionally included in
15956 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
15958 * lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
15959 RSA, DSA and ECDSA.
15961 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
15963 * lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
15964 specifying an explicit curve.
15966 2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
15968 * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
15969 lib/libgnutls.map: Added gnutls_privkey_generate().
15971 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
15973 * lib/Makefile.am, lib/crypto-selftests-pk.c,
15974 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
15975 tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
15978 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
15980 * lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
15981 tests/slow/cipher-test.c: Added option to run all available self
15982 tests per category in a single run.
15984 2013-11-07 Nikos Mavrogiannopoulos <nmav@redhat.com>
15986 * lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
15987 self-tests by adding digest and MAC tests.
15989 2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
15991 * lib/Makefile.am, lib/crypto-selftests.c,
15992 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
15993 tests/slow/cipher-test.c: Added self tests
15995 2013-11-27 Nikos Mavrogiannopoulos <nmav@redhat.com>
15997 * configure.ac: check for alternative unbound root key files.
15999 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16001 * lib/debug.c: increased buffers
16003 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16005 * lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
16006 lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
16007 lib/accelerated/x86/coff/padlock-x86-64-coff.s,
16008 lib/accelerated/x86/coff/padlock-x86-coff.s,
16009 lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
16010 lib/accelerated/x86/elf/appro-aes-x86-64.s,
16011 lib/accelerated/x86/elf/padlock-x86-64.s,
16012 lib/accelerated/x86/elf/padlock-x86.s,
16013 lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
16014 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
16015 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
16016 lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
16017 auto-generated asm files. This fixes a valgrind complaint when
16020 2013-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16022 * devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
16023 devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
16024 devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
16025 devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
16026 devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
16027 devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
16028 devel/perlasm/x86nasm.pl: updated perlasm files
16030 2013-11-26 Nikos Mavrogiannopoulos <nmav@redhat.com>
16032 * configure.ac, lib/Makefile.am: Do not link gnutls against librt
16033 unless it is really necessary. Conflicts: configure.ac lib/Makefile.am
16035 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16037 * lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites
16039 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16041 * .gitignore: more files to ignore
16043 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16045 * configure.ac: updated e-mail address
16047 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16049 * doc/manpages/Makefile.am: use $shell()
16051 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16053 * Makefile.am, src/args-std.def: handle centrally more variables
16055 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16057 * configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
16058 manpage generation (and information stored to it).
16060 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16062 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16063 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16064 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16065 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16066 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
16067 auto-generated doc files.
16069 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16071 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16072 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
16073 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
16074 doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c:
16075 certtool's --verify option if not supplied with a CA list, will use
16076 the system's CA list.
16078 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16080 * lib/includes/gnutls/x509.h: cast the expiration time to time_t
16082 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16084 * lib/x509/x509_write.c: doc update
16086 2013-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16088 * lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
16089 for the 'no well defined' expiration time.
16091 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16093 * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
16094 gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
16095 gl/tests/Makefile.am, gl/tests/strerror-override.c,
16096 gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
16099 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16101 * lib/nettle/egd.c: better use of errno
16103 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16105 * doc/latex/epub.tex, doc/latex/gnutls.tex,
16106 doc/scripts/mytexi2latex: use eurosym package for euro symbol
16108 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16110 * configure.ac: Corrected check of usage of local libopts when
16111 autogen isn't present
16113 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16115 * tests/cert-tests/Makefile.am,
16116 tests/cert-tests/template-dn-err.tmpl,
16117 tests/cert-tests/template-test: Verify failure of DN parsing in a
16120 2013-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16122 * lib/gnutls_compress.c: disallow any compression in DTLS
16124 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16126 * tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c:
16127 mini-deflate was combined with mini-record-2
16129 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16131 * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
16132 lib/gnutls_record.h: Corrected bug which affected compressed
16133 records. Less space was provided for decryption than required, causing
16134 disconnection issues when compression was used. The issue was
16135 pointed out by Frank Zschockelt. Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
16136 max_decrypted_size() and max_record_recv_size().
16138 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16140 * lib/ext/session_ticket.c: check return code of gnutls_rnd().
16142 2013-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16144 * lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
16147 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16149 * cross.mk: updated cross.mk
16151 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16153 * lib/system.c: fixed for win32
16155 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16157 * lib/gnutls_buffers.c: added assert to trace errors.
16159 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16161 * cross.mk: updated
16163 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16165 * src/Makefile.am: link all programs with libgnu_gpl to avoid
16166 conflicts from header files.
16168 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16170 * src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
16171 src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h:
16172 Added progname module which is used by error().
16174 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16176 * src/socket.c: safer usage of strerror
16178 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16180 * doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable
16182 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16184 * src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
16187 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16189 * src/Makefile.am: corrected libopts patch
16191 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16193 * src/gl/error.c: removed unneeded line
16195 2013-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16197 * .gitignore: ignore xssl manpages
16199 2013-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16201 * lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
16204 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16206 * Makefile.am: generate ChangeLog after doc/ is checked.
16208 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16210 * doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles
16212 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16214 * doc/scripts/getfuncs.pl: made more clever to ignore inline
16217 2013-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16219 * .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16220 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16221 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16222 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16223 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
16224 auto-generated files
16226 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16228 * doc/cha-gtls-app.texi: doc update
16230 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16232 * lib/libgnutls.map: exported gnutls_est_record_overhead_size
16234 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16236 * lib/gnutls_global.c: do not add newline (it's already in the
16239 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16241 * lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
16242 function is not updated if it is already set.
16244 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16246 * doc/cha-gtls-app.texi: doc update
16248 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16252 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16254 * configure.ac: bumped version
16256 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16258 * cfg.mk: updated glimport
16260 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16262 * cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16263 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
16264 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
16265 doc/invoke-tpmtool.texi, src/certtool-args.def: doc update
16267 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16269 * tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
16270 tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test:
16271 Added self checks for new date reading functionality
16273 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16275 * .gitignore, src/Makefile.am, src/certtool-args.def,
16276 src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
16277 activation_date and expiration_date options to certtool template
16280 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16282 * .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
16283 src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
16284 src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
16285 src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
16286 src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
16287 src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
16288 src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
16289 src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
16290 src/gl/m4/error.m4, src/gl/m4/extensions.m4,
16291 src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
16292 src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
16293 src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
16294 src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
16295 src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
16296 src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
16297 src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
16298 src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
16299 src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
16300 src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
16301 src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
16302 src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
16303 src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
16304 src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
16305 src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
16306 src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
16307 src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
16308 src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
16309 src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
16310 src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
16311 src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
16312 src/gl/strerror-override.c, src/gl/strerror-override.h,
16313 src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
16314 src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
16315 src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
16316 src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
16317 src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
16318 src/gl/xmalloc.c: Added a gnulib with GPL components for use by
16321 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16323 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16324 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16325 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16326 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16327 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def:
16328 corrected bug reporting address.
16330 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16332 * src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
16333 for overflows when setting time and allow a time of -1.
16335 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16337 * lib/x509/common.c, tests/cert-tests/Makefile.am,
16338 tests/cert-tests/template-overflow.pem,
16339 tests/cert-tests/template-overflow.tmpl,
16340 tests/cert-tests/template-overflow2.pem,
16341 tests/cert-tests/template-overflow2.tmpl,
16342 tests/cert-tests/template-test: Dates and time that would overflow
16343 the GeneralTime are also truncated. We may need to revise that
16346 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16348 * doc/Makefile.am, doc/invoke-certtool.texi,
16349 doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
16350 doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
16351 doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
16352 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
16353 doc/invoke-tpmtool.texi: force serialized generation of
16354 invoke-*texi, to avoid autogen issue.
16356 2013-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16358 * lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
16359 (time_t)-1 will be set to the no well-defined expiration date value.
16361 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16363 * lib/gnutls_handshake.c: correctly set the ciphersuite when the
16364 set_premaster interface is used.
16366 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16368 * lib/gnutls_state.c: check for a valid blocksize prior to entering
16371 2013-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16373 * lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
16374 if set to a number will enable logging to stderr.
16376 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16378 * tests/suite/testcompat, tests/suite/testcompat-main: corrected
16379 issue with a not-yet-valid certificate
16381 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16383 * src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
16386 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16388 * src/serv.c: simplified function
16390 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16392 * tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
16393 with fedora's openssl
16395 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16397 * configure.ac: print whether the local libopts or libtasn1 are
16400 2013-11-13 Nikos Mavrogiannopoulos <nmav@redhat.com>
16402 * gl/Makefile.am, gl/base64.c, gl/intprops.h,
16403 gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
16404 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
16405 maint.mk: Added intprops module (which is needed by newer libtasn1
16408 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
16410 * lib/gnutls_int.h: use the bool expression instead of unsigned
16413 2013-11-12 Nikos Mavrogiannopoulos <nmav@redhat.com>
16415 * lib/gnutls_global.c: doc update
16417 2013-11-11 Nikos Mavrogiannopoulos <nmav@redhat.com>
16419 * lib/system.h: define GNUTLS_PATH_MAX globally.
16421 2013-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16423 * lib/gnutls_x509.c: doc update
16425 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16427 * tests/suite/testcompat: do not run on crippled versions of openssl
16429 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16431 * lib/x509/common.c, lib/x509/extensions.c: simplified functions.
16433 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16435 * tests/suite/ciphersuite/test-ciphers.js,
16436 tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
16439 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16441 * lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
16442 lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
16443 lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
16446 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16448 * tests/utils.c: always exit when fail is called.
16450 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16452 * configure.ac: reduced the stack size warning size.
16454 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16456 * doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update
16458 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16462 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16464 * NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
16465 lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
16466 lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
16467 string option. This works around issues when connecting behind some firewalls.
16469 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16471 * tests/mini-handshake-timeout.c: Ignore SIGPIPE. Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
16474 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16476 * doc/invoke-p11tool.texi, src/p11tool-args.def: doc update
16478 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16480 * NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
16481 of GNUTLS_PKCS11_PIN.
16483 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16487 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16489 * doc/invoke-p11tool.texi: doc update
16491 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16493 * tests/suite/pkcs11-certs/ca-tmpl,
16494 tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
16495 tests/suite/pkcs11-certs/client-tmpl,
16496 tests/suite/pkcs11-certs/client.crt,
16497 tests/suite/pkcs11-certs/client.key,
16498 tests/suite/pkcs11-certs/server-tmpl,
16499 tests/suite/pkcs11-certs/server.crt,
16500 tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
16501 test suite for PKCS #11 cards (not executed automatically).
16503 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16505 * lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
16506 self-signed certificates present in the chain
16508 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16510 * configure.ac: simplified checks
16512 2013-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16514 * src/common.c, src/p11tool-args.def: Allow getting the PIN from the
16515 GNUTLS_PKCS11_PIN environment variable.
16517 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16519 * doc/TODO: updated
16521 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16525 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16527 * lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
16528 import the whole chain. This affects gnutls_certificate_set_x509_key_file*().
16530 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16532 * src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c:
16533 Added export-chain option to p11tool
16535 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16537 * lib/Makefile.am, lib/gnutls_pubkey.c,
16538 lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
16539 lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
16540 lib/x509/x509.c: Improvements in PKCS #11 support. Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
16541 The latter function allows to obtain the issuer of a certificate
16542 stored in a token. While traversing tokens, use the URL provided by the user, to avoid
16543 looking for objects in unrelated tokens.
16545 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16547 * configure.ac: test before copy
16549 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16551 * lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()
16553 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16555 * doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
16556 lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
16557 function prototypes to account for the new indentation.
16559 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16561 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
16562 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
16563 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
16564 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
16565 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
16566 doc/manpages/tpmtool.1: doc update
16568 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16570 * lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
16571 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
16572 lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
16573 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
16574 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
16575 lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
16576 indentation in headers.
16578 2013-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16580 * Makefile.am, configure.ac: distribute the autogen'erated files as
16581 .bak and enable them only if local libopts is being used.
16583 2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
16585 * doc/alert-printlist.c, doc/common.c, doc/common.h,
16586 doc/errcodes.c, doc/examples/ex-alert.c,
16587 doc/examples/ex-cert-select-pkcs11.c,
16588 doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
16589 doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
16590 doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
16591 doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
16592 doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
16593 doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
16594 doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
16595 doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
16596 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
16597 doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
16598 doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
16599 doc/examples/ex-x509-info.c, doc/examples/examples.h,
16600 doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
16601 doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
16602 extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
16603 extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
16604 lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
16605 lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
16606 lib/accelerated/x86/aes-gcm-padlock.c,
16607 lib/accelerated/x86/aes-gcm-x86.c,
16608 lib/accelerated/x86/aes-padlock.c,
16609 lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
16610 lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
16611 lib/accelerated/x86/sha-padlock.c,
16612 lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
16613 lib/algorithms.h, lib/algorithms/cert_types.c,
16614 lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
16615 lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
16616 lib/algorithms/protocols.c, lib/algorithms/publickey.c,
16617 lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
16618 lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
16619 lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
16620 lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
16621 lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
16622 lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
16623 lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
16624 lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
16625 lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
16626 lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
16627 lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
16628 lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
16629 lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
16630 lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
16631 lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
16632 lib/ext/server_name.h, lib/ext/session_ticket.c,
16633 lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
16634 lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
16635 lib/ext/status_request.c, lib/ext/status_request.h,
16636 lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
16637 lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
16638 lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
16639 lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
16640 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
16641 lib/gnutls_compress.c, lib/gnutls_compress.h,
16642 lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
16643 lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
16644 lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
16645 lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
16646 lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
16647 lib/gnutls_extensions.c, lib/gnutls_extensions.h,
16648 lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
16649 lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
16650 lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
16651 lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
16652 lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
16653 lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
16654 lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
16655 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
16656 lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
16657 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
16658 lib/gnutls_rsa_export.c, lib/gnutls_session.c,
16659 lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
16660 lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
16661 lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
16662 lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
16663 lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
16664 lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
16665 lib/gnutls_x509.c, lib/gnutls_x509.h,
16666 lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
16667 lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
16668 lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
16669 lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
16670 lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
16671 lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
16672 lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
16673 lib/minitasn1/element.c, lib/minitasn1/element.h,
16674 lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
16675 lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
16676 lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
16677 lib/minitasn1/structure.c, lib/minitasn1/structure.h,
16678 lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
16679 lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
16680 lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
16681 lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
16682 lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
16683 lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
16684 lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
16685 lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
16686 lib/opencdk/packet.h, lib/opencdk/pubkey.c,
16687 lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
16688 lib/opencdk/sig-check.c, lib/opencdk/stream.c,
16689 lib/opencdk/stream.h, lib/opencdk/types.h,
16690 lib/opencdk/write-packet.c, lib/openpgp/compat.c,
16691 lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
16692 lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
16693 lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
16694 lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
16695 lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
16696 lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
16697 lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
16698 lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
16699 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
16700 lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
16701 lib/x509/extensions.c, lib/x509/key_decode.c,
16702 lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
16703 lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
16704 lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
16705 lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
16706 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
16707 lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
16708 lib/x509/verify-high.c, lib/x509/verify-high.h,
16709 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
16710 lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
16711 lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
16712 lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
16713 libdane/errors.c, libdane/includes/gnutls/dane.h,
16714 src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
16715 src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
16716 src/certtool-common.c, src/certtool-common.h,
16717 src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
16718 src/common.c, src/common.h, src/crywrap/crywrap.c,
16719 src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
16720 src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
16721 src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
16722 src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
16723 src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
16724 src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
16725 tests/certder.c, tests/certificate_set_x509_crl.c,
16726 tests/certuniqueid.c, tests/chainverify-unsorted.c,
16727 tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
16728 tests/cve-2008-4989.c, tests/cve-2009-1415.c,
16729 tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
16730 tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
16731 tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
16732 tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
16733 tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
16734 tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
16735 tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
16736 tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
16737 tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
16738 tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
16739 tests/mini-overhead.c, tests/mini-record-2.c,
16740 tests/mini-record-range.c, tests/mini-record.c,
16741 tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
16742 tests/mini-termination.c, tests/mini-x509-2.c,
16743 tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
16744 tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
16745 tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
16746 tests/openpgp-auth2.c, tests/openpgp-keyring.c,
16747 tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
16748 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
16749 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
16750 tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
16751 tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
16752 tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
16753 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
16754 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
16755 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
16756 tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
16757 tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
16758 tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
16759 tests/suite/ecore/src/include/Eina.h,
16760 tests/suite/ecore/src/include/eina_accessor.h,
16761 tests/suite/ecore/src/include/eina_array.h,
16762 tests/suite/ecore/src/include/eina_benchmark.h,
16763 tests/suite/ecore/src/include/eina_binshare.h,
16764 tests/suite/ecore/src/include/eina_config.h,
16765 tests/suite/ecore/src/include/eina_convert.h,
16766 tests/suite/ecore/src/include/eina_counter.h,
16767 tests/suite/ecore/src/include/eina_cpu.h,
16768 tests/suite/ecore/src/include/eina_error.h,
16769 tests/suite/ecore/src/include/eina_file.h,
16770 tests/suite/ecore/src/include/eina_fp.h,
16771 tests/suite/ecore/src/include/eina_hamster.h,
16772 tests/suite/ecore/src/include/eina_hash.h,
16773 tests/suite/ecore/src/include/eina_inlist.h,
16774 tests/suite/ecore/src/include/eina_iterator.h,
16775 tests/suite/ecore/src/include/eina_lalloc.h,
16776 tests/suite/ecore/src/include/eina_list.h,
16777 tests/suite/ecore/src/include/eina_log.h,
16778 tests/suite/ecore/src/include/eina_magic.h,
16779 tests/suite/ecore/src/include/eina_main.h,
16780 tests/suite/ecore/src/include/eina_matrixsparse.h,
16781 tests/suite/ecore/src/include/eina_mempool.h,
16782 tests/suite/ecore/src/include/eina_module.h,
16783 tests/suite/ecore/src/include/eina_quadtree.h,
16784 tests/suite/ecore/src/include/eina_rbtree.h,
16785 tests/suite/ecore/src/include/eina_rectangle.h,
16786 tests/suite/ecore/src/include/eina_safety_checks.h,
16787 tests/suite/ecore/src/include/eina_sched.h,
16788 tests/suite/ecore/src/include/eina_str.h,
16789 tests/suite/ecore/src/include/eina_strbuf.h,
16790 tests/suite/ecore/src/include/eina_stringshare.h,
16791 tests/suite/ecore/src/include/eina_tiler.h,
16792 tests/suite/ecore/src/include/eina_trash.h,
16793 tests/suite/ecore/src/include/eina_types.h,
16794 tests/suite/ecore/src/include/eina_unicode.h,
16795 tests/suite/ecore/src/include/eina_ustrbuf.h,
16796 tests/suite/ecore/src/include/eina_ustringshare.h,
16797 tests/suite/ecore/src/lib/Ecore.h,
16798 tests/suite/ecore/src/lib/Ecore_Getopt.h,
16799 tests/suite/ecore/src/lib/ecore.c,
16800 tests/suite/ecore/src/lib/ecore_anim.c,
16801 tests/suite/ecore/src/lib/ecore_app.c,
16802 tests/suite/ecore/src/lib/ecore_events.c,
16803 tests/suite/ecore/src/lib/ecore_exe.c,
16804 tests/suite/ecore/src/lib/ecore_getopt.c,
16805 tests/suite/ecore/src/lib/ecore_glib.c,
16806 tests/suite/ecore/src/lib/ecore_idle_enterer.c,
16807 tests/suite/ecore/src/lib/ecore_idle_exiter.c,
16808 tests/suite/ecore/src/lib/ecore_idler.c,
16809 tests/suite/ecore/src/lib/ecore_job.c,
16810 tests/suite/ecore/src/lib/ecore_main.c,
16811 tests/suite/ecore/src/lib/ecore_pipe.c,
16812 tests/suite/ecore/src/lib/ecore_poll.c,
16813 tests/suite/ecore/src/lib/ecore_private.h,
16814 tests/suite/ecore/src/lib/ecore_signal.c,
16815 tests/suite/ecore/src/lib/ecore_thread.c,
16816 tests/suite/ecore/src/lib/ecore_time.c,
16817 tests/suite/ecore/src/lib/ecore_timer.c,
16818 tests/suite/ecore/src/lib/eina_accessor.c,
16819 tests/suite/ecore/src/lib/eina_array.c,
16820 tests/suite/ecore/src/lib/eina_benchmark.c,
16821 tests/suite/ecore/src/lib/eina_binshare.c,
16822 tests/suite/ecore/src/lib/eina_chained_mempool.c,
16823 tests/suite/ecore/src/lib/eina_convert.c,
16824 tests/suite/ecore/src/lib/eina_counter.c,
16825 tests/suite/ecore/src/lib/eina_cpu.c,
16826 tests/suite/ecore/src/lib/eina_error.c,
16827 tests/suite/ecore/src/lib/eina_file.c,
16828 tests/suite/ecore/src/lib/eina_fp.c,
16829 tests/suite/ecore/src/lib/eina_hamster.c,
16830 tests/suite/ecore/src/lib/eina_hash.c,
16831 tests/suite/ecore/src/lib/eina_inlist.c,
16832 tests/suite/ecore/src/lib/eina_iterator.c,
16833 tests/suite/ecore/src/lib/eina_lalloc.c,
16834 tests/suite/ecore/src/lib/eina_list.c,
16835 tests/suite/ecore/src/lib/eina_log.c,
16836 tests/suite/ecore/src/lib/eina_magic.c,
16837 tests/suite/ecore/src/lib/eina_main.c,
16838 tests/suite/ecore/src/lib/eina_matrixsparse.c,
16839 tests/suite/ecore/src/lib/eina_mempool.c,
16840 tests/suite/ecore/src/lib/eina_module.c,
16841 tests/suite/ecore/src/lib/eina_private.h,
16842 tests/suite/ecore/src/lib/eina_quadtree.c,
16843 tests/suite/ecore/src/lib/eina_rbtree.c,
16844 tests/suite/ecore/src/lib/eina_rectangle.c,
16845 tests/suite/ecore/src/lib/eina_safety_checks.c,
16846 tests/suite/ecore/src/lib/eina_sched.c,
16847 tests/suite/ecore/src/lib/eina_share_common.c,
16848 tests/suite/ecore/src/lib/eina_share_common.h,
16849 tests/suite/ecore/src/lib/eina_str.c,
16850 tests/suite/ecore/src/lib/eina_strbuf.c,
16851 tests/suite/ecore/src/lib/eina_strbuf_common.c,
16852 tests/suite/ecore/src/lib/eina_strbuf_common.h,
16853 tests/suite/ecore/src/lib/eina_stringshare.c,
16854 tests/suite/ecore/src/lib/eina_tiler.c,
16855 tests/suite/ecore/src/lib/eina_unicode.c,
16856 tests/suite/ecore/src/lib/eina_ustrbuf.c,
16857 tests/suite/ecore/src/lib/eina_ustringshare.c,
16858 tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
16859 tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
16860 tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
16861 tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c:
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/pkcs11.c: doc update
2013-11-08 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
gnutls_x509_privkey_generate() allow specifying an explicit curve.
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c,
src/certtool-common.h, src/certtool.c: enable --outder for certtool
--dh-info
"certool --dh-info --outder" produces PEM-encoded output without
2013-11-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/certtool-args.def, src/certtool-common.c: enable --inder for
certtool --dh-info
certtool --dh-info is unable to read DER-encoded DH parameters
without this patch.
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/tpmtool.1: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_errors.c: doc update
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: use srcdir as prefix
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed unneeded command
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: print the flags used for libopts
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: delete libopts generated files if system libopts is
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h:
separated the TLS IV size and the cipher IV size.
2013-11-06 Nikos Mavrogiannopoulos <nmav@redhat.com>
* configure.ac, src/libopts/Makefile.am: fixes in libopts
2013-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that .def files will be re-read on the
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
src/libopts/compat/strchr.c, src/libopts/configfile.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/streqvcmp.c,
src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: better logging
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_dn.c: removed debugging info
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: do not set any default level
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: Assign very weak level to priority string
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi: doc update
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: ignore auto-generated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
src/libopts/autoopts.c, src/libopts/autoopts.h,
src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
src/libopts/genshell.c, src/libopts/genshell.h,
src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
src/libopts/option-value-type.c, src/libopts/option-value-type.h,
src/libopts/option-xat-attribute.c,
src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: removed autogenerated files
2013-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/Makefile.am: If autogen and libopts are present
then use the system's libopts.
2013-11-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/args-std.def, src/certtool-args.def, src/cli-args.def,
src/danetool-args.def, src/psk-args.def, src/srptool-args.def:
argument descriptions should not end in a dot
When the descrip value for an argument ends in a dot, the rendered
documentation places two dots (for example "specify a password
file.." in srptool(1)). Most of the descriptions are declared properly (without a trailing
dot), but this patch should clean up the rest. After this commit, any auto-generated documentation that is
committed to git will probably also need to be refreshed (or
removed from git entirely and generated from the definitions during
build, which might be cleaner).
2013-11-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/tests.c: fix DHE parameter output for gnutls-cli-debug
--verbose
gnutls_handshake() was failing during test_dhe_group, with an error
of GNUTLS_E_NO_PRIORITIES_WERE_SET. Adding this call fixes the
handshake so that DHE group details can be printed when requested.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c, tests/mini-deflate.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
a warning as it is the same as not setting it. Reported by Daniel
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: Do not print private key parameters when exporting
an encrypted private key.
2013-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.
2013-05-21 Stef Walter <stefw@redhat.com>
* configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs
Some of the older APIs were deprecated in order to support multiple
callers of the same PKCS#11 module correctly. This increases the necessary p11-kit to 0.19.1 or later.
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated win32 makefile
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: win32 fix
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: include proper header file for uint8_t
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.6
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: corrected example
2013-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: debug_log -> record_log
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: Duplicate messages moved from audit log to
debug log. There are networks where this is extremely common.
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi:
replaced ':' in anchor names (texinfo doesn't like it).
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-upgrade.texi: doc update
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11_write.c: simplified code
2013-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
gl/tests/macros.h, gl/tests/strerror-override.h,
gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Removed unused parameter.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: Better DANE test output.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: reindented code
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: Reorganized main loop in dane_raw_tlsa
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: Added proper newlines to errors.
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update
2013-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/cryptodev.c: corrected typo
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, tests/suite/Makefile.am,
tests/suite/ciphersuite/README,
tests/suite/ciphersuite/registry-ciphers.js,
tests/suite/ciphersuite/registry-ciphers.xslt,
tests/suite/ciphersuite/scan-gnutls.sh,
tests/suite/ciphersuite/test-ciphers.js,
tests/suite/ciphersuite/test-ciphersuites.sh,
tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: Added a proper termination of
session to avoid issues with premature termination.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, tests/dtls/Makefile.am: we now explicitly check for
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
tests/pkcs8-decode/Makefile.am,
tests/rsa-md5-collision/Makefile.am,
tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
tests/slow/Makefile.am, tests/srp/Makefile.am,
tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
environment in all tests
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: removed unneeded diff option
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/dane,
tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
a parameter allowing to override it.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: LC_ALL is set to C to have predictable outputs
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-handshake-timeout.c: simplified test
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-p11tool.texi: p11tool text updated.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
doc/examples/print-ciphersuites.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: removed warnings
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
via trousers is now enabled by default.
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
--generate-random to p11tool.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c, lib/algorithms/sign.c,
lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.
2013-10-24 Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
tokens
Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/publickey.c: Added new fallback OID for RSA
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected number in
GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
by another ciphersuite in the same document.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
were renamed to ARCFOUR_128
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated doc
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: Increased minimum acceptable DH key to
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: updated priorities for new ciphersuites
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added ciphersuite
GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384
2013-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/chainverify.c: Applied small patch by Jeremie
Courreges-Anglas to avoid usage of error().
2013-10-24 Alon Bar-Lev <alon.barlev@gmail.com>
* src/cli.c: cli: add missing stdbool.h
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
or better to TLS1.0 or later.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
the default priority levels, and prioritized GCM over CBC
2013-10-23 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
entirely when initializing a dane_state_t. This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway. Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
changes prior to release
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: corrected ciphersuite numbers in priorities
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: corrected libdane doc
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: Added description for umac
2013-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped version
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: rearrangement
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Removed the _WITH_ from
ciphersuites names.
2013-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
lib/nettle/gcm-camellia.h: Added Camellia with GCM
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
ciphersuites from RFC6367.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
RFC5932. Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added more ciphersuites from
RFC5487. Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_RSA_PSK_NULL_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/ciphersuites.c: Added new ciphersuites from
RFC5288. Added GNUTLS_RSA_AES_256_GCM_SHA384,
GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
and GNUTLS_DH_ANON_AES_256_GCM_SHA384.
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-cfg.c: corrected type of path_len
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/libdane.map: exported symbols
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, libdane/dane.c: small fixes
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_verify_crt_raw to allow direct verification of a certificate
chain against a dane_query_t (for example, as provided by the new
dane_raw_tlsa).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* m4/hooks.m4: bumped dane library version
2013-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-21 Christian Grothoff <christian@grothoff.org>
* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
dane_raw_tlsa to allow initialization of dane_query_t from DANE
records based on external DNS resolutions. Also fixing a buffer
overflow.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/complex-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c:
Normalize capitalization from "Public Key Id" to "Public Key ID"
The GnuTLS codebase produced the string "Public Key Id" in some
places (e.g. in the output of "certtool -i"), and "Public Key ID" in
other places (e.g. in the output of "certtool -k"). This changeset standardizes on "Public Key ID", making the output
consistent across uses.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
gnutls_certificate_get_crt_raw() to return the raw certificate as
present in the credentials structure.
2013-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
2013-10-09 Ludovic Courtès <ludo@gnu.org>
* guile/modules/gnutls/build/priorities.scm, guile/src/core.c:
guile: Fix possible stack overflows.
2013-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
src/srptool.c: Corrected possible buffer overruns in included
programs and examples. Reported by Pedro Ribeiro <pedrib@gmail.com>.
2013-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: corrected typo
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h:
autogen'ed files update
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool.c: Fix srptool issues
From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 1 Oct 2013 13:42:10 +0200
Subject: [PATCH 2/2] srptool: Fix segfault when an invalid group parameter index is given
If no group with the given index was found in the password conf file
srptool crashed instead of reporting the error because the return
value of fgets() wasn't validated before it was passed to atoi().
Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Attila Molnar <attilamolnar@hush.com>
* src/srptool-args.def, src/srptool.c: Fix srptool issues
From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Tue, 1 Oct 2013 13:40:01 +0200
Subject: [PATCH 1/2] srptool: Fix inability to add users to tpasswd and broken -i switch
Signed-off-by: Attila Molnar <attilamolnar@hush.com>
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
src/cli-args.h: doc update
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h:
autogen'ed files update
2013-10-03 Raj Raman <rajramanca@gmail.com>
* src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
command infrastructure in gnutls-cli
Signed-off-by: Raj Raman <rajramanca@gmail.com>
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
2013-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/tpm.c: include config.h in tpm.c
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/it.po.in: Sync with TP.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: define subgroup bits for the weak and
export parameters, to allow DH group generation.
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: document the version macros
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: doc update
2013-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: verbose is everywhere unsigned
2013-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: removed limitation as this has been
2013-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update
2013-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: doc update
2013-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: doc update
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Use intermediary files when
2013-09-15 Ludovic Courtès <ludo@gnu.org>
* guile/src/Makefile.am: guile: Make builds parallel-safe. Reported by Andreas Metzler <ametzler@bebt.de>.
2013-09-10 Tobias Polzer <tobias.polzer@fau.de>
* lib/gnutls_srp.c: Fixed a typo in the documentation
Fixed a typo in the documentation for
gnutls_srp_set_server_credentials_function.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/Makefile.am: libopts is linked prior to libgnu to solve issue
in win32. Initial patch by Tomasz Gajewski.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
and gnutls_handshake_get_last_out() for correctness.
2013-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/tests.c: Ignore non-fatal handshake alerts.
2013-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: silence warning about return
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher_int.c: updates in record packet encoding.
2013-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: Test the null cipher as well.
2013-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: added comments
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
Revert "updated gnulib"
This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.
2013-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: record-sizes can only work properly with a
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected max_user_send_size() for DTLS.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-record-2.c: test for excessive records being correctly
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_cipher.h,
lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
accepts the actual pad rather than the intended data. Corrections in
sending records with %NEW_PADDING.
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h:
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/testdane: removed dane.nox.su from the good list
2013-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: explicitly initialize the log functions
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-2.c: Added test to send
variable packet sizes.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: doc update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: simplified pad calculation
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-shared-key.texi: mention RSA-PSK
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: author update
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c:
Improvements in RSA-PSK.
2013-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, m4/hooks.m4: released 3.2.4
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/Makefile.am: added missing file
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa_psk.c: indented code
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
RSA-PSK key exchange.
2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c:
Optimizations in RSA-PSK by removing unneeded code.
2013-06-29 Frank Morgner <morgner@informatik.hu-berlin.de>
* lib/algorithms.h, lib/algorithms/ciphersuites.c,
lib/algorithms/kx.c, lib/algorithms/publickey.c,
lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK

revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0

original patch can be found in
e3c245b951530a92fc610a130faf167a37461073
f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20

2013-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: arcfour is restored in the top of the
performance priority.

2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-cert-status.c: removed unused function

2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
the correct operation of gnutls_certificate_server_set_request().

2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: Corrected
gnutls_certificate_server_set_request().

2013-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/vi.po.in: Sync with TP.

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/resume.c: Try 3 resumption attempts and try also session db

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: only register current session when not

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: do not duplicate tests for null.

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: remove ifdefs for session tickets

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by

2013-08-18 Stefan Bühler <stbuehler@web.de>
* lib/algorithms/ciphersuites.c, tests/priorities.c: add some
RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges

2013-08-18 Stefan Bühler <stbuehler@web.de>
* tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
tests/mini-alpn.c, tests/mini-deflate.c,
tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
tests/mini-dtls-large.c, tests/mini-dtls-record.c,
tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
tests/mini-eagain-dtls.c, tests/mini-eagain.c,
tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
tests/mini-loss-time.c, tests/mini-overhead.c,
tests/mini-record-range.c, tests/mini-record.c,
tests/mini-rehandshake.c, tests/mini-termination.c,
tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
tests/resume-dtls.c, tests/resume.c,
tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c:
fix transport parameter casts in tests

2013-08-24 Andreas Metzler <ametzler@downhill.at.eu.org>
* tests/sha2/sha2: Clean up after test.

2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/pem-decoding: Corrected access of temp file.
Reported by Thomas Witt.

2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: No longer recommend the use of RC4

2013-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
lib/gnutls_priority.c: AES-GCM is preferred always

2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version

2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
src/certtool.c, src/cli-debug.c, src/cli.c,
src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: included programs no longer depend on
GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion

2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore

2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
gl/dirname.h, gl/dosname.h, gl/dup2.c, gl/errno.in.h, gl/error.c,
gl/error.h, gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h,
gl/float.c, gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c,
gl/fseek.c, gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c,
gl/ftell.c, gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c,
gl/getdelim.c, gl/getline.c, gl/getopt.c, gl/getopt.in.h,
gl/getopt1.c, gl/getopt_int.h, gl/getpass.c, gl/getpass.h,
gl/getpeername.c, gl/getsubopt.c, gl/gettext.h, gl/gettimeofday.c,
gl/hash-pjw-bare.c, gl/hash-pjw-bare.h, gl/inet_ntop.c,
gl/inet_pton.c, gl/intprops.h, gl/isnan.c, gl/isnand-nolibm.h,
gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c, gl/isnanl-nolibm.h,
gl/isnanl.c, gl/itold.c, gl/listen.c, gl/lseek.c,
gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
gl/strchrnul.valgrind, gl/strdup.c, gl/strerror-override.c,
gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
gl/tests/Makefile.am, gl/tests/dosname.h, gl/tests/fpucw.h,
gl/tests/infinity.h, gl/tests/intprops.h, gl/tests/malloca.c,
gl/tests/malloca.h, gl/tests/malloca.valgrind,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c,
gl/tests/strerror-override.c, gl/tests/strerror-override.h,
gl/tests/strerror.c, gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-dirent.c, gl/tests/test-environ.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseterr.c, gl/tests/test-getopt.c,
gl/tests/test-getopt.h, gl/tests/test-getopt_long.h,
gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-printf-frexp.c,
gl/tests/test-printf-frexpl.c, gl/tests/test-printf-posix.h,
gl/tests/test-printf-posix.output, gl/tests/test-rawmemchr.c,
gl/tests/test-setenv.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-strchrnul.c,
gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
gl/tests/unsetenv.c, gl/time.in.h, gl/time_r.c, gl/u64.h,
gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c,
gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c,
gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, src/certtool.c,
src/cli-debug.c, src/cli.c, src/danetool.c, src/ocsptool-common.c,
src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
src/srptool.c, src/tpmtool.c: gnulib only contains lgplv2 modules

2013-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/de.po.in, po/vi.po.in: Sync with TP.

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: removed unused code

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Do not try to parse arbitrary objects as

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: don't ignore errors when copying

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: mention that new padding is currently a

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, src/libopts/makeshell.c: do not require localtime

2013-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: added mkdir

2013-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c: inverse check for cipher ok and priority.

2013-08-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: documented parameters

2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: no need to keep separate priority lists for
export ciphersuites (they are no longer available).

2013-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
priority string option.

2013-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: allow empty fragments with padding.

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes-range.c: corrected test

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/record-sizes-range.c: Added test for the
range functionality.

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
calculation in AEAD ciphers.

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Correctly report unicode status in win32 API

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: correctly link with librt when needed.

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/Makefile.am, lib/system.c: link with libiconv

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/snippet/unused-parameter.h, configure.ac,
gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
gl/iconv_open-solaris.gperf, gl/iconv_open.c,
gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
components.

This removes the gnulib iconv, and uses libc or libiconv if needed.

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.3pre0

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
calculate the overhead.

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_constate.h,
lib/gnutls_extensions.c, lib/gnutls_extensions.h,
lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
function is now called before epoch change.

This allows enabling certain features, such as the new record
padding, prior to exchanging finished messages.

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/record-sizes.c: test sending and receiving the maximum
allowed TLS buffer size.

2013-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: corrected guile-site-dir option. Patch by Steve

2013-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.h: Do not count pad and MAC as received data.

2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: simplified decrypted data allocation.

2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h:
small optimizations.

2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
mode allow for larger record sizes than the maximum.

2013-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini.c, tests/record-sizes.c: Updated

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
unacceptable chars.

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
configuration file."

This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/priorities.c: test also the number of ciphers.

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map: Added helper functions to export the available
ciphers in a priority structure

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/priorities.c: Added a test that checks
whether the priorities behave as expected (depends on the supported
ciphersuite numbers)

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: When adding a bulk of priorities make sure
they don't replace the whole list. Reported by Stefan Buehler.

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: doc update

2013-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: updated doc

2013-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/libopts/ag-char-map.h: Ignore non-ascii characters in
configuration file.

This is a quick fix for
http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html

2013-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am: make sure that the .info files are as new as the pdfs

2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
server example updated to include OCSP stapling

2013-07-16 Matt Whitlock <matt@whitlock.name>
* lib/gnutls_buffers.c: avoid leaking a buffer element when
_gnutls_stream_read returns 0

2013-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: doc update

2013-07-17 Stefan Bühler <stbuehler@web.de>
* lib/gnutls_priority.c: gnutls priority string parsing bug fix

Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
misses SHA1 and has MD5 twice)

prio_remove doesn't zero the removed element, prio_add (and perhaps
other functions) assumes the list to be zero terminated.

Make prio_remove zero the element at the end, and use the actual
length of the list in prio_add.

Relying on the trailing zero will fail if the list is full, and
might lead to invalid memory accesses as the loop won't stop until
it finds either the algorithm identifier or 0.

2013-07-17 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
on _WIN32.

socketpair isn't provided on Windows, so these tests should just
exit 77.

Note that resume-dtls.c already had a guard like this -- I've
rewritten it to match the others, but socketpair (presumably!) isn't
the only reason that test is disabled on Win32.

Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
connections.

Besides simplifying the code, this also makes it possible to run
"make check" in parallel -- previously this didn't work because
several tests were trying to bind the same port.

Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16 Adam Sampson <ats@offog.org>
* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
tests/x509dn.c, tests/x509self.c: Detect socket() error responses
correctly.

The code was testing the wrong variable...

Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16 Adam Sampson <ats@offog.org>
* doc/scripts/gdoc: Avoid depending on hash order in gdoc.

Previously, gdoc had a hash of regexp replacements for each output
format, and applied the replacements in the order that "keys"
returned for the hash. However, not all orders are safe -- and now
that Perl 5.18 randomises hash order per-process, it only worked
sometimes!

For example, this order is OK:

  'is a #gnutls_session_t structure.'
  '\@([A-Za-z0-9_]+)\s*' -> 'is a #gnutls_session_t structure.'
  '\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.'
  '\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t} structure.'
  '([A-Za-z0-9_]+\(\))' -> 'is a @code{gnutls_session_t} structure.'

This one, however, winds up producing invalid texinfo:

  'is a #gnutls_session_t structure.'
  '\%([A-Za-z0-9_]+)' -> 'is a #gnutls_session_t structure.'
  '([A-Za-z0-9_]+\(\))' -> 'is a #gnutls_session_t structure.'
  '\#([A-Za-z0-9_]+)' -> 'is a @code{gnutls_session_t} structure.'
  '\@([A-Za-z0-9_]+)\s*' -> 'is a @code{code} {gnutls_session_t} structure.'

This patch turns the hash into a list, so the replacements will
always be done in the intended order.

Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
reliable transports to avoid unexpected packet loss.

2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am: Link with librt when needed. Reported by Joern

2013-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
for the additional version variable.

2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* cross.mk: updated w32 makefile

2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
gl/tests/ignore-value.h, gl/tests/malloca.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk:

2013-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: released 3.2.2

2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_global.c: doc update

2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/gnutls.h.in: typo fix

2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: gnutls-cli -l prints the supported digest algorithms

2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected return value.

2013-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Check for nanosleep in librt, when not in libc.
Reported by Joern Clausen.

2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: corrected typo

2013-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-alpha: updated

2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: try to reduce memory in internal structure

2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
tests/mini-x509-callbacks.c: Allow hooks to be called before or
after generation/receiving.

2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
to apply only to post-processing or generation of messages."

This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.

2013-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-10 Gustavo Zacarias <gustavo@zacarias.com.ar>
* lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
and mac

It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
failures.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/mac.c: doc update

2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make sure that the hook function is always

2013-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/manpages/Makefile.am: New functions added

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: When resuming a session send only the
mandatory extensions.

That will make server behavior to conform to TLS RFC. Reported by

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: corrected typo

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/srtp.c: Include MKI size in size calculations for the
extension.

This prevents a parsing error when MKI is being used. Reported by

2013-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.h: Fix for NetBSD systems that do not have
CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.

2013-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool.c: make sure that a valid number of days is entered

2013-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/DCO.txt: Added DCO

2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: added new functions

2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-hello-verify.c: simplified structure

2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: corrected issue in client hello verify.

2013-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.

2013-07-04 Stef Walter <stefw@redhat.com>
* lib/pkcs11.c: pkcs11: Use the correct attribute length for
CKA_TRUSTED

CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
are done with the attribute byte values, we need to get the length
exactly right.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-x509-callbacks.c: updated for new callback format

2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: corrected typo

2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore: more files to ignore

2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_dtls.c: doc update

2013-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: when removing a cipher priority, make sure

2013-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in:
gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size

2013-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: doc update

2013-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* po/eo.po.in, po/fi.po.in: Sync with TP.

18518 2013-06-28 Ludovic Courtès <ludo@gnu.org>
18520 * guile/src/core.c: guile: Keep a weak reference on objects
18521 aggregated by other objects. Before, in cases such as `set-anonymous-server-dh-parameters!' where
18522 the C object beneath CRED keeps a pointer to the C object beneath
18523 DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
18524 to the destruction of the underlying C object. Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.
18526 2013-06-28 Ludovic Courtès <ludo@gnu.org>
18528 * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
18529 guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
18530 than `fileno'. This has no practical impact, but it's a better way to express that
18531 we don't want the file descriptors closed behind our back.
18533 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18535 * doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT
18537 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18539 * doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib:
18540 documented private extensions
18542 2013-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18544 * lib/gnutls_handshake.c, lib/gnutls_state.c,
18545 lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
18546 only to post-processing or generation of messages.
18548 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18550 * lib/gnutls_record.c: documented dtls behavior.
18552 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18554 * lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU
18556 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18558 * tests/mini-dtls-large.c: make sure that no DTLS MTU size can
18561 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18563 * lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
18564 dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.
18566 2013-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18568 * tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
18569 whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets
18571 2013-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18573 * po/cs.po.in: Sync with TP.
18575 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18577 * lib/gnutls_dh_primes.c: check for zero values when import DH
18580 2013-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18582 * po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in:
18585 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18589 2013-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18591 * NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
18592 lib/gnutls_int.h, lib/gnutls_state.c,
18593 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
18594 tests/mini-x509-callbacks.c: Added
18595 gnutls_handshake_set_hook_function() to allow hooks on arbitrary
18596 handshake messages.
18598 2013-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18600 * doc/announce.txt: added BCC to avoid forgetting it in the future
18602 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18604 * doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update
18606 2013-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18608 * NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
18609 lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
18610 lib/libgnutls.map: avoid the introduction of a new function to
18611 disable replay protection.
18613 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18615 * tests/suite/testcompat-main: changed port to avoid conflicts
18617 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18619 * tests/mini-overhead.c: small update
18621 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18623 * src/cli.c: removed unused var
18625 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18627 * src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
18630 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18632 * NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
18633 lib/libgnutls.map: Added gnutls_record_overhead_size() and
18634 gnutls_record_overhead_size2().
18636 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18638 * lib/gnutls_state.c: doc update
18640 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18642 * NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
18643 lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
18644 protection can now be disabled.
18646 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18648 * lib/gnutls_state.c: doc update
18650 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18652 * NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
18653 lib/libgnutls.map: Added gnutls_cipher_get_tag_size().
18655 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18657 * NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
18658 lib/libgnutls.map: Added gnutls_certificate_set_trust_list().
18660 2013-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18662 * lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
18663 lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
18664 lib/gnutls_sig.c: explicit tests for non-null version
18666 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18668 * lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo
18670 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18672 * .gitignore: more files to ignore
18674 2013-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18676 * lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
18677 timeout documentation; reported by Sebastien Decugis.
18679 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18681 * build-aux/ar-lib: updated file
18683 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18685 * tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files
18687 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18689 * build-aux/test-driver, configure.ac: require automake 1.12.2 for
18692 2013-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18694 * lib/gnutls_priority.c: SECURE -> SECURE128
18696 2013-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18698 * guile/tests/priorities.scm: corrected priority strings
18700 2013-06-06 Martin Storsjo <martin@martin.st>
18702 * extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
18703 lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
18704 lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
18705 lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
18706 lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included
18707 implicitly via gnutls_int.h, if the nettle include directories
18708 aren't in one of the compiler standard paths. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
18710 2013-06-06 Martin Storsjo <martin@martin.st>
18712 * src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
18713 include and lib paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
18715 2013-06-06 Ludovic Courtès <ludo@gnu.org>
18717 * guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
18720 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18722 * lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
18725 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18727 * lib/nettle/Makefile.am: correctly place cflags
18729 2013-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18731 * doc/cha-shared-key.texi: discourage usage of anonymous
18734 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18736 * doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update
18738 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18740 * lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
18741 m4/hooks.m4: Directly link to gmp library. Based on original patch
18742 by Alon Bar-Lev <alon.barlev@gmail.com>.
18744 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18746 * cross.mk: updated cross.mk
18748 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18750 * tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
18751 tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
18752 updates for tests to run under win32
18754 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18756 * lib/system.c: null terminate strings in windows
18758 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18760 * cross.mk: updated makefile
18762 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18764 * tests/pkcs12-decode/pkcs12: fix windows extension
18766 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18768 * tests/pkcs1-padding/Makefile.am: avoid running tests which require
18769 datefudge in windows
18771 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18773 * src/cli.c: avoid struct sigaction in win32
18775 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18777 * tests/cert-tests/pem-decoding: Avoid comparing the expiration date
18778 to prevent false positive error in 32-bit systems.
18780 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18782 * tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
18783 date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.
18785 2013-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18787 * tests/cert-tests/pathlen: Avoid comparing the expiration date to
18788 prevent false positive error in 32-bit systems.
18790 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18794 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18796 * doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates
18798 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18800 * NEWS: updated from 3.2.1
18802 2013-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18804 * configure.ac: check for suse's CA bundle file
18806 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18808 * lib/openpgp/privkey.c: call cleanup and deinit on the correct
18809 number of parameters
18811 2013-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18813 * lib/gnutls_pk.c: avoid calling clear on null values
18815 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18817 * configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
18818 pkg-config to detect nettle
18820 2013-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18822 * tests/mini-xssl.c: ignore sigpipe
18824 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18826 * lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
18827 curves even when using SSL 3.0. This works around a bug on openssl
18828 in certain Debian systems.
18830 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18832 * po/LINGUAS, po/eo.po.in: Sync with TP.
18834 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18836 * .gitignore: more files to ignore
18838 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18840 * tests/mini-xssl.c: updated xssl.
18842 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18844 * lib/gnutls_dtls.c: doc update
18846 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18848 * tests/mini-overhead.c: document sizes
18850 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18852 * lib/gnutls_dtls.c: more precise calculation of overhead
18854 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18856 * tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.
18858 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18860 * lib/gnutls_dtls.c: doc update
18862 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18866 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18868 * configure.ac, m4/hooks.m4: bumped version
18870 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18872 * lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in:
18873 revert prototype move
18875 2013-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18877 * doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am:
18880 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18882 * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
18883 copy on decryption.
18885 2013-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18887 * lib/gnutls_cipher_int.h: corrected likely()
18889 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18891 * tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
18892 various ciphers in tests.
18894 2013-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18896 * lib/gnutls_privkey.c: doc update
18898 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18900 * tests/mini-dtls-record.c: avoid delays by using a reliable
18903 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18905 * .gitignore: removed test file from repository
18907 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18909 * tests/mini-record.c: avoid delays by using a reliable transport
18912 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18914 * lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
18915 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
18916 copy at encryption.
18918 2013-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18920 * lib/nettle/pk.c: eliminated unused variable
18922 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18924 * lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
18925 Report by Mann Ern Kang.
18927 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18929 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
18930 simplified code by passing an mbuffer.
18932 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18934 * lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name
18936 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18938 * lib/gnutls_pubkey.c: always set hash length
18940 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18942 * lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c:
18943 corrected bug with _gnutls_dsa_q_to_hash() usage introduced
18946 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18948 * lib/abstract_int.h, lib/algorithms.h,
18949 lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
18950 lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
18951 lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
18952 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
18953 lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
18954 lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
18955 protocol version properties.
18957 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18959 * lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
18960 lib/algorithms.h, lib/algorithms/ciphers.c,
18961 lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
18962 lib/algorithms/protocols.c, lib/algorithms/sign.c,
18963 lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
18964 lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
18965 lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
18966 lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
18967 lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
18968 lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
18969 lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
18970 lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
18971 lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
18972 lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
18973 lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
18974 lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
18975 lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
18976 lib/x509/x509_int.h: simplified access to cipher and mac properties
18977 to reduce wasted cycles.
18979 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18981 * extra/gnutls_openssl.c: modified openssl compat API to use the
18984 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18986 * lib/libgnutls.map: no longer export internal hash functions
18988 2013-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18990 * tests/mini-dtls-hello-verify.c: removed memory leak
18992 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18994 * lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions
18996 2013-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
18998 * lib/gnutls_mbuffers.c: avoid calloc
19000 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19002 * lib/gnutls_record.c: fixes in record version checking
19004 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19006 * src/cli.c: use sigaction instead of signal in gnutls-cli
19008 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19010 * src/cli.c: Revert "break the loop when a SIGALRM has been
19011 received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.
19013 2013-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19015 * src/libopts/m4/libopts.m4: relax check on requirement on headers
19016 for libopts. Reported by Mark Brand.
19018 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19020 * .gitignore: more files to ignore
19022 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19024 * lib/gnutls_record.c: Improved record version checks
19026 2013-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19028 * tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
19029 hello verify message
19031 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19033 * lib/nettle/mac.c: fail on wrong key sizes
19035 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19037 * NEWS, lib/gnutls_dtls.c: corrected record overhead calculations
19039 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19041 * lib/gnutls_record.c: more detailed error
19043 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19045 * lib/gnutls_handshake.c: corrected resumption check
19047 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19049 * NEWS: updated doc
19051 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19053 * lib/gnutls_record.c: Allow record layer packets with version less
19054 than the negotiated. Allowing such records avoids issue in DTLS client hello request
19057 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19059 * lib/gnutls.pc.in: removed undefined variable
19061 2013-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19063 * NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
19064 lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map:
19065 gnutls_session_set_id() was added
19067 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19069 * src/cli.c: break the loop when a SIGALRM has been received
19071 2013-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19073 * src/libopts/m4/libopts.m4: configure proceeds if regex library
19076 2013-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19078 * lib/gnutls_str.c: documented function behavior
19080 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19082 * lib/gnutls_str.c: corrected typo
19084 2013-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19086 * lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
19087 lib/opencdk/sig-check.c, lib/x509/common.c,
19088 lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
19089 lib/xssl.c, libdane/dane.c: several updates
19091 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19093 * src/danetool.c: print message on certificate verification
19095 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19099 2013-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19101 * tests/cert-tests/pem-decoding: more verbose messages
19103 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
19105 * tests/eagain-common.h: When retrying gnutls_record_send due to
19106 GNUTLS_E_AGAIN, also try passing null data and length. Tests will
19107 fail after this patch until next patch is applied that fixes a bug
19108 in gnutls_record_send. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
19110 2013-05-10 Tim Kosse <tim.kosse@filezilla-project.org>
19112 * lib/gnutls_record.c: If gnutls_record_send fails with
19113 GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
19114 passing null for the data and size on retry. Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
19115 fixes the problem. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
19117 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19119 * doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
19122 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19124 * NEWS: released 3.2.0
19126 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19128 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
19129 doc/cha-gtls-examples.texi: simplified node referencing and add
19132 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19134 * m4/hooks.m4: increased revision
19136 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19138 * doc/Makefile.am, doc/manpages/Makefile.am: doc update
19140 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19142 * NEWS, lib/algorithms/ciphersuites.c: Added more options for
19145 2013-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19147 * src/libopts/m4/libopts.m4: applied libregex patch
19149 2013-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19151 * cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
19152 lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
19153 lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
19154 lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
19155 lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
19156 lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
19157 lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C-style
19158 comments to compile on old MacOSX systems. Reported by Ryan Schmidt.
19160 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19162 * doc/cha-auth.texi: doc update
19164 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19166 * lib/ext/alpn.c: clarified doc
19168 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19170 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
19171 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
19172 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
19173 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
19174 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
19175 doc/manpages/tpmtool.1: updated for new autogen
19177 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19179 * tests/mini-alpn.c: updated for new api
19181 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19183 * tests/dtls/dtls-stress.c: updated path
19185 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19187 * src/cli.c: corrected API usage.
19189 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19191 * lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
19192 lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
19193 for the NO_APPLICATION_PROTOCOL alert for ALPN.
19195 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19197 * src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
19198 src/common.c: Improved ALPN support in gnutls-cli
19200 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19202 * src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
19203 src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
19204 src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
19205 src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
19206 src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
19207 src/srptool-args.c, src/srptool-args.h: updated libopts generated
19210 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19212 * src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
19213 src/libopts/Makefile.am, src/libopts/README,
19214 src/libopts/ag-char-map.h, src/libopts/alias.c,
19215 src/libopts/ao-strs.c, src/libopts/ao-strs.h,
19216 src/libopts/autoopts.c, src/libopts/autoopts.h,
19217 src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
19218 src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
19219 src/libopts/check.c, src/libopts/compat/compat.h,
19220 src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
19221 src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
19222 src/libopts/compat/windows-config.h, src/libopts/configfile.c,
19223 src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
19224 src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
19225 src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
19226 src/libopts/libopts.c, src/libopts/load.c,
19227 src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
19228 src/libopts/makeshell.c, src/libopts/nested.c,
19229 src/libopts/numeric.c, src/libopts/option-value-type.c,
19230 src/libopts/option-value-type.h,
19231 src/libopts/option-xat-attribute.c,
19232 src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
19233 src/libopts/parse-duration.h, src/libopts/pgusage.c,
19234 src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
19235 src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
19236 src/libopts/stack.c, src/libopts/streqvcmp.c,
19237 src/libopts/text_mmap.c, src/libopts/time.c,
19238 src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c:
19239 updated libopts to autogen 5.17.3
19241 2013-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19243 * src/cli-args.def, src/cli.c: Added --alpn option to cli
19245 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19247 * configure.ac, m4/hooks.m4: bumped version
19249 2013-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19251 * NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
19252 lib/nettle/mac.c: Added umac-128
19254 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19256 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
19257 key purpose in certificate requests
19259 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19261 * tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
19262 disabled. Reported by Linus Nordberg.
19264 2013-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19266 * libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
19267 Reported by Etan Reisner.
19269 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19271 * tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c:
19272 updated include files
19274 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19276 * lib/gnutls_handshake.c: simplified code
19278 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19280 * gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
19281 gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
19282 gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
19283 gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib
19285 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19287 * tests/anonself.c, tests/certder.c,
19288 tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
19289 tests/chainverify-unsorted.c, tests/chainverify.c,
19290 tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
19291 tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
19292 tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
19293 tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
19294 tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
19295 tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
19296 tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
19297 tests/mini-eagain-dtls.c, tests/mini-eagain.c,
19298 tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
19299 tests/mini-loss-time.c, tests/mini-record-range.c,
19300 tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
19301 tests/mini-termination.c, tests/mini-x509-2.c,
19302 tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
19303 tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
19304 tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
19305 tests/openpgp-auth.c, tests/openpgp-auth2.c,
19306 tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
19307 tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
19308 tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
19309 tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
19310 tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
19311 tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
19312 tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
19313 tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
19314 tests/set_pkcs12_cred.c, tests/setcredcrash.c,
19315 tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
19316 tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
19317 tests/suite/mini-record-timing.c, tests/utils.h,
19318 tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
19319 tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
19320 running tests disable PKCS #11 support to avoid detecting memory
19321 leaks from PKCS #11 libraries.
19323 2013-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19325 * lib/gnutls_dtls.c: doc update
19327 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19329 * tests/dtls/Makefile.am: link explicitly to librt
19331 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19335 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19339 2013-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19341 * .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
19342 configure.ac, gl/Makefile.am, gl/gettime.c,
19343 gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
19344 gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
19345 gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
19346 gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
19347 gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
19348 gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
19349 gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
19350 lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
19351 lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
19352 src/benchmark.h, tests/suite/Makefile.am,
19353 tests/suite/mini-record-timing.c: Avoid linking the library on
19356 2013-04-27 Stef Walter <stefw@redhat.com>
19358 * tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
19360 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19362 * tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
19363 tests/cert-tests/pem-decoding: Added test for escaping rules.
19365 2013-04-27 Stef Walter <stefw@redhat.com>
19367 * lib/x509/common.c: Add the standard description OID to those
19368 recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
19370 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19372 * lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
19373 the LDAP way, and avoid escaping hex encoded values. Report and
19374 initial patch from Stef Walter.
19376 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19378 * lib/x509/common.c, lib/x509/common.h: Do not include null
19379 terminator in DN string. When printing an unknown DN string as hex do not include the null
19380 terminator. Reported by Stef Walter.
19382 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19384 * configure.ac: Link against pthread only when pthread_mutex_lock
19387 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19389 * lib/accelerated/x86/sha-padlock.c: initialize the digest after
19392 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19394 * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
19395 src/pkcs11.c: read_yesno() accepts a default value. By default
19396 certificates are marked as ok for signing and encryption.
19398 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19400 * lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license
19402 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19404 * lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
19405 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
19406 lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
19409 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19411 * lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
19412 lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
19413 lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
19414 separately. It is implied by nettle's output function.
19416 2013-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19418 * lib/crypto-api.c: updated documentation
19420 2013-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19422 * src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
19423 src/benchmark.h: updated benchmark output
19425 2013-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19427 * doc/TODO: updated TODO list
19429 2013-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19431 * lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
19432 pass argument on PKCS #11 keys.
19434 2013-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19436 * lib/accelerated/x86/hmac-padlock.c,
19437 lib/accelerated/x86/sha-padlock.c: corrected memory leak in
19438 padlock_hash_fast()
19440 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19442 * doc/cha-intro-tls.texi: mention experimental protocols
19444 2013-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19446 * src/benchmark-tls.c: nettle 2.7 is required
19448 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19450 * doc/cha-crypto.texi: doc update
19452 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19454 * doc/cha-crypto.texi: Added documentation on public key API.
19456 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19458 * doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
19459 string VERS-DTLS-ALL
19461 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19463 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
19464 m4/hooks.m4: nettle 2.7 is required
19466 2013-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19468 * NEWS: corrected doc
19470 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19472 * lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
19473 m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27
19475 2013-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19477 * lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
19478 lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
19479 src/benchmark-tls.c: Added ESTREAM salsa20 cipher.
19481 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19483 * lib/nettle/mac.c: better naming of functions
19485 2013-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19487 * lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
19488 lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
19491 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19493 * README: added note about LGPLv3
19495 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19497 * lib/system_override.c: doc update
19499 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19501 * lib/gnutls_buffers.c: use unlikely
19503 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19505 * NEWS: documented update
19507 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19509 * configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
19510 lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
19511 lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
19512 lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
19513 tests/mini-alpn.c: Added support for the ALPN extension.
19515 2013-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19517 * lib/gnutls_constate.c: removed unused variables
19519 2013-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19521 * src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
19524 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19528 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19530 * doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
19531 doc/cha-tokens.texi, lib/gnutls_x509.c,
19532 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
19533 gnutls_certificate_set_x509_key_mem2() and
19534 gnutls_certificate_set_x509_key_file2()
19536 2013-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19538 * doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
19539 lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
19542 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19544 * lib/algorithms.h, lib/algorithms/ciphers.c,
19545 lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h:
19546 removed TLS export key generation
19548 2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
19550 * NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
19551 lib/algorithms.h, lib/algorithms/ciphersuites.c,
19552 lib/algorithms/kx.c, lib/algorithms/publickey.c,
19553 lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
19554 lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
19555 lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
19556 lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
19557 lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
19558 lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
19559 lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
19560 lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
19561 RSA-EXPORT ciphersuites.
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
lib/algorithms/protocols.c, lib/gnutls_priority.c,
lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
support for DTLS 1.2
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/gnutls.h.in: deprecated
gnutls_privkey_sign_raw_data()
2013-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: updated
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: updates in range handling code.
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am, tests/mini-record-range.c: Added test for
2013-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/ecdhe.c: Set the curve priority to calling derive.
2013-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: reduce the number of temp variables in ECDH
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/common.c: print the signatures used.
2013-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
lib/gnutls_session_pack.c, lib/gnutls_sig.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_sign_algorithm_get_client()
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
implementation to match the rest of the library
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: updated text
2013-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: gnutls_pong() returns zero on success.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.h: removed function that didn't exist
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: Check all error conditions.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
code from gnutls. Use nettle's implementation.
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: corrected issue in ecccertfile option
2013-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: make a short list of the available PK
2013-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
and verification flags to operate in RSA raw mode (as used in TLS).
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
for a wrong version in the RSA PMS.
2013-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c:
convert gnutls versions to TLS major-minor in a single function.
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* devel/perlasm/license-gnutls.txt,
lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
lib/accelerated/x86/coff/cpuid-x86-coff.s,
lib/accelerated/x86/elf/cpuid-x86-64.s,
lib/accelerated/x86/elf/cpuid-x86.s,
lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
lib/ext/status_request.h, lib/gnutlsxx.cpp,
lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/verify-high.h: changed license headers to 2.1. Reported by
2013-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/manpages/Makefile.am: updated copyright
2013-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/includes/gnutls/crypto.h,
lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-internals.texi: corrected file location
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: use return instead of exit
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/cert.c: use the proper defines
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
fingerprints. Reported by Joke de Buhr.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/openpgp-auth.c: openpgp-auth tests
gnutls_openpgp_set_recv_key_function() as well.
2013-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
external key signing and TLS 1.2
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark.c: use clock_gettime when we can
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-cipher.c: removed R20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
src/benchmark-tls.c: Salsa20R20 -> Salsa20
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map, tests/gc.c: use the exported variant of
_gnutls_hmac_fast().
2013-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/accelerated/cryptodev.c,
lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
now be used for other MAC algorithms, like UMAC. UMAC-96 and
UMAC-128 were conditionally added.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
cipher to the new padding format.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
lib/gnutls_constate.c, lib/gnutls_dtls.c,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.
2013-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: search only for slots with tokens and avoid caching
to prevent issues with multiple threads.
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_privkey.c,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_status()
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: avoid internal error
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: use correct type for rv
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
not on initialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c: doc update
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi: documented the new configure options
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
key parameters are overwritten with zeros on deinitialization.
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib:
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: simplified text
2013-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
gnutls_privkey_sign_raw_data()
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pcert.c: simplified code
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv may run without certificate, but will
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: gnutls-serv issues an error if no certificate and key
2013-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1
2013-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
several ifdefs to avoid using disabled code.
2013-03-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
*_key_id() creation. For the rationale behind this, see the gnutls-devel thread 'X.509
"Key Identifiers" in GnuTLS' found either at
http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.html and
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674
2013-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/rsa_export.c,
lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
m4/hooks.m4: Added options to disable more key exchange mechanisms. In that DHE was separated from ECDHE.
2013-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: removed unneeded code
2013-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: When requesting DANE data resolve a service name into a
port number. Reported by James Cloos.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: avoid duplicate memory allocation in
_gnutls_x509_get_dn()
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/dane-test.rr: The default dane output is type 03
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: simplified
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
proper also when loading a private key.
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
GNUTLS_TPMKEY_FMT_RAW
2013-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c:
return unimplemented feature on encounter of a known but unsupported
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: updates in danetool
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, configure.ac: Added configure option to disable the
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h: updated example
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/ecore/src/lib/Ecore.h: updated
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509_b64.c: corrected allocation size
2013-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_ui.c: simplified text
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Fixes in cpu and cross-compilation detection
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: check revocation prior to reading local certs.
2013-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: deinitialize the certificate
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: When cross compiling do not check for ca
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: auto-detect CA certificates only if
with-default-trust-store-file is not provided.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected parameters.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
tests/x509cert-tl.c: Added functions that remove certificates from a
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/includes/gnutls/dane.h: updated doc
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Check for revoked certs in android and do not add.
Suggested by David Woodhouse.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected add_system_trust() in the unsupported
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
optimizations on certificate comparisons including DN. This speeds
up CA certificate loading, and certificate verification.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: Revert "When making the hash list of the
CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: When making the hash list of the CAs avoid
calling get_raw_*_dn() which is very costly.
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli.c: Removed unused code.
2013-03-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/x509/x509_write.c: fix description of id_size parameter
2013-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: handle the interesting variance between directories
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: test for ANDROID or __ANDROID__
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/ar-lib: updated
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.
2013-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls.pc.in: corrected link
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: removed Werror from automake rules
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am: Added flag
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: removed
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
of programs that cannot be.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: more simplifications to
gnutls_x509_trust_list_add_system_trust()
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected reading from directory.
2013-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
to work in android 4.x.
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: More cleanups in
gnutls_x509_trust_list_add_system_trust()
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: Select CPU optimizations based on target cpu rather
2013-03-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/system.c: some simplifications in
gnutls_x509_trust_list_add_system_trust()
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
compatible with devices like android that don't support AES
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, libdane/dane.c,
libdane/includes/gnutls/dane.h, src/danetool-args.c,
src/danetool-args.def, src/danetool-args.h, src/danetool.c,
tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
for DANE to enforce verification and restrict it to a field.
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, ChangeLog: added empty ChangeLog
2013-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
20262 gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
20263 gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
20264 gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
20265 gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
20266 gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
20267 gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
20268 gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
20269 gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
20270 gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
20271 gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
20272 gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
20273 gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
gl/tests/test-binary-io.c, gl/tests/test-bind.c,
gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
gl/tests/test-close.c, gl/tests/test-connect.c,
gl/tests/test-dirent.c, gl/tests/test-dup2.c,
gl/tests/test-environ.c, gl/tests/test-errno.c,
gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
gl/tests/test-fgetc.c, gl/tests/test-float.c,
gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
gl/tests/test-fread.c, gl/tests/test-frexp.c,
gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
gl/tests/test-func.c, gl/tests/test-fwrite.c,
gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
gl/tests/test-getdelim.c, gl/tests/test-getline.c,
gl/tests/test-getopt.c, gl/tests/test-getopt.h,
gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
gl/tests/test-isnanl.h, gl/tests/test-listen.c,
gl/tests/test-locale.c, gl/tests/test-localename.c,
gl/tests/test-lstat.c, gl/tests/test-lstat.h,
gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
gl/tests/test-math.c, gl/tests/test-memchr.c,
gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
gl/tests/test-open.c, gl/tests/test-open.h,
gl/tests/test-pathmax.c, gl/tests/test-perror.c,
gl/tests/test-perror2.c, gl/tests/test-pipe.c,
gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
gl/tests/test-read-file.c, gl/tests/test-recv.c,
gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
gl/tests/test-select-stdin.c, gl/tests/test-select.c,
gl/tests/test-select.h, gl/tests/test-send.c,
gl/tests/test-sendto.c, gl/tests/test-setenv.c,
gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
gl/tests/test-sockets.c, gl/tests/test-stat.c,
gl/tests/test-stat.h, gl/tests/test-stdalign.c,
gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
gl/tests/test-stdint.c, gl/tests/test-stdio.c,
gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
gl/tests/test-string.c, gl/tests/test-strings.c,
gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
gl/tests/test-symlink.c, gl/tests/test-symlink.h,
gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
gl/tests/test-sysexits.c, gl/tests/test-time.c,
gl/tests/test-u64.c, gl/tests/test-unistd.c,
gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
gl/tests/unistr/test-u8-mbtoucr.c,
gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk:
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: Added gnutls_pkcs11_privkey_status
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-certtool.texi,
doc/manpages/Makefile.am: updated
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
lib/gnutls_session_pack.c: small optimizations in session storage
2013-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c: no need to memset during session deinit.
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
2013-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Small fixes.
2013-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
gnutls_pkcs11_privkey_status().
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify.c: doc update
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h:
when verifying a DANE CA constraint make sure that the provided
chain is actually a chain.
2013-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* libdane/dane.c: doc update
2013-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi: mention enable-in in p11-kit config.
2013-02-20 Jaak Ristioja <jaak.ristioja@cyber.ee>
* lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
compilation of certtool when PSK is disabled.
These are rather generic functions by nature, so it would be
reasonable to include them in GnuTLS even if PSK support is
disabled.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: print info on reinitializor error.
2013-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
Suggested by Gabor Toth.
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: return proper error
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/serv.c: use set_int when needed
2013-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/session_ticket.c, lib/gnutls_datum.c,
lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
gnutls_realloc_fast everywhere. Suggested by David Woodhouse.
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/rsa.c: better cleanup on error on export case
2013-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: corrected parsing issue in XMPP data when in a
subject alternative name
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-tokens.texi, lib/gnutls_record.c,
lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
the PIN calling in TPM
2013-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/cha-gtls-app.texi,
doc/examples/ex-cert-select-pkcs11.c,
doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
functions to avoid ugly casting in simple programs.
2013-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
more explicit in DTLS examples to account for LARGE_PACKET error
2013-02-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/libgnutls.map: corrected export of functions
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()
2013-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/verify-high.c: reduced hash table size
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c: doc update
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
-> gnutls_handshake_set_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_handshake_set_server_random
2013-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: properly set close-on-exec.
2013-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-serv-anon.c: avoid ptrdiff_t
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
a password to generate PKCS #12 files.
That is when provided an encrypted key file. Reported by Yan Fiz.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: removed duplicate
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/Makefile.am: slow tests moved at the end of the suite
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_buffers.c: simplified cleaning-up in
_gnutls_stream_read and _gnutls_dgram_read
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected extract_digest_info
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
side the verify callback is always being called.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_priority.c: further relaxed security levels
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, configure.ac: Add option to disable generation of any
documentation for GnuTLS.
2013-01-29 Jaak Ristioja <jaak.ristioja@cyber.ee>
* Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am:
Prevent libdane pkgconfig stuff from being installed if libdane
support is disabled.
2013-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/algorithms/secparams.c: reduced the very weak DH level to 768
bits to not reject popular sites that operate on that level.
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/auth/dh_common.c: added debugging message to indicate the
2013-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: Do not call the certificate verification
callback if certificates are ignored.
2013-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: avoid memset on the whole record header
2013-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/x509/privkey.c: fixed issue in
gnutls_x509_privkey_import2()
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
lib/tpm.c: reference TPMURI
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected typo
2013-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
with arbitrary key sizes.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
a magic number in front session DB data.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cipher.c: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/ca-no-pathlen.pem: test update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-functions.texi, doc/manpages/Makefile.am: update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c:
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-gnutls-cli.texi: doc update
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c: document limitation
2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
* lib/gnutls_range.c: Make sure we don't fail if writing gets
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented fix
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: postpone the change
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: Revert "license is again LGPLv2.1"
This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: updated test
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
timing attack in TLS CBC record parsing.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_extensions.c, lib/gnutls_record.c: only register
heartbeat if it is enabled.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* COPYING.LESSER: license is again LGPLv2.1
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
m4/hooks.m4: updated heartbeat code, and made it optional.
2013-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
LGPLv2.1 in the files their authors agreed to.
2013-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
to specify trusted CA certificates.
2013-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: added new func
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_session_pack.c: corrected session resumption
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: simplified DB storing
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c:
Applied disable SNI patch from Daniel.
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: remove function is not required to add or
2013-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/abstract_int.h, lib/accelerated/accelerated.c,
lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
lib/accelerated/x86/aes-gcm-padlock.c,
lib/accelerated/x86/aes-gcm-x86.c,
lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
lib/accelerated/x86/hmac-padlock.c,
lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
lib/algorithms.h, lib/algorithms/cert_types.c,
lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
lib/algorithms/protocols.c, lib/algorithms/publickey.c,
lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h,
lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h,
lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
lib/ext/server_name.c, lib/ext/server_name.h,
lib/ext/session_ticket.c, lib/ext/session_ticket.h,
lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c,
lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
lib/gnutls_compress.h, lib/gnutls_constate.c,
lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c,
lib/gnutls_errors.h, lib/gnutls_extensions.c,
lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
lib/gnutls_handshake.c, lib/gnutls_handshake.h,
lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c,
lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h,
lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
lib/gnutls_session.c, lib/gnutls_session_pack.c,
lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h,
lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
lib/gnutls_x509.c, lib/gnutls_x509.h,
lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h,
lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c,
lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c,
lib/nettle/ecc_projective_check_point.c,
lib/nettle/ecc_projective_dbl_point_3.c,
lib/nettle/ecc_projective_isneutral.c,
lib/nettle/ecc_projective_negate_point.c,
lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h,
lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c,
lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h,
lib/opencdk/misc.c, lib/opencdk/new-packet.c,
lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
lib/opencdk/sig-check.c, lib/opencdk/stream.c,
lib/opencdk/stream.h, lib/opencdk/types.h,
lib/opencdk/write-packet.c, lib/openpgp/compat.c,
lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h,
lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c,
lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h,
lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c,
lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h,
lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1
in the files their authors agreed to.
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c, lib/gnutls_session_pack.c,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
gnutls_db_check_entry_time().
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_db.c: deprecated problematic function
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c,
lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9.
2013-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/xssl.h: corrected typo
2013-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_record.c: uncork doesn't do anything when the session
is already in flush mode
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, doc/.gitignore: more files to ignore
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, m4/hooks.m4: bumped version
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/latex/cover.tex: Added Alfredo
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex:
updated doc for XSSL
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c,
doc/examples/ex-client-xssl2.c: Added XSSL client examples.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed
compilation of mini-xssl.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated text
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi: Comment out new padding until it is
standardized or at least approved by the WG.
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/doc.mk: fix xssl
2013-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried
connections to multiple hosts.
gnutls-cli-debug was trying to connect to all possible IP addresses
of the host and failed if any was unavailable. Now it tries
sequentially and accepts the first that is working. Reported by
Daniel Kahn Gillmor.
2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* .gitignore, NEWS: updated NEWS
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/crypto-api.c: Fix AEAD out-of-place decryption
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/suite/mini-record-timing.c: updated test
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c,
lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
lib/includes/gnutls/sbuf.h, lib/includes/gnutls/xssl.h,
lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
lib/xssl.c, lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
tests/mini-sbuf.c, tests/mini-xssl.c: Added new interface.
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_handshake.c: propagate the error of the verify
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/crypto-backend.h, lib/gnutls_state.c,
lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c,
lib/random.h: Added gnutls_rnd_refresh().
2013-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h,
lib/gnutls_ui.c: Keep the legacy dh_prime_bits.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c,
lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: updated news
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/nettle/rnd.c: No need to cache events with the current
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/ext/heartbeat.c: use nonces instead of random data
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/mini-sbuf.c: free all resources
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/nettle/rnd.c: nonces update the internal rng state much
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c,
lib/includes/gnutls/gnutls.h.in: Instead of setting directly the
number of DH bits, set a security parameter per session.
2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/auth/dh_common.c, lib/gnutls_int.h,
lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
lib/gnutls_ui.c: The minimum DH prime bits are now set by the
priority strings (that means they are increased for the SECURE
21087 * configure.ac: warnings doesn't imply Werror
21089 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21091 * doc/TODO: updated
21093 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21095 * lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id()
21098 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21100 * lib/nettle/rnd.c: optimized random generator.
21102 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21104 * configure.ac: check for getpid().
21106 2013-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21108 * lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
21109 lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c:
21110 _dtls_timespec_sub_ms -> timespec_sub_ms
21112 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21114 * lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls.
21116 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21118 * lib/nettle/rnd.c: reduced calls to getpid
21120 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21122 * lib/nettle/rnd.c: use the more precise gettime() instead of
21125 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21127 * lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in:
21128 gnutls_range_split accepts pointers as arguments.
21130 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
21132 * NEWS, doc/Makefile.am, lib/gnutls_range.c,
21133 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make
21134 gnutls_range_split available from the GnuTLS API
21136 2013-01-24 Alfredo Pironti <alfredo@pironti.eu>
21138 * .gitignore, NEWS, lib/libgnutls.map: - Remove references to the (now renamed) gnutls_range_send_message -
21139 Ignore sbuf-api generated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21141 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21143 * lib/auth/psk.h: Some fix when disable-psk-authentication is
21144 specified. Based on patch by Jaak Ristioja.
21146 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21148 * lib/x509/x509_dn.c: rewritten DN parsing code.
21150 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21152 * tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem,
21153 tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test:
21154 test the DN functionality of certtool.
21156 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21158 * tests/cert-tests/dane: dane test no longer fails if danetool isn't
21161 2013-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21163 * lib/system.c, lib/tpm.c, lib/x509/common.c,
21164 lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale
21165 dependent versions of isxxx functions.
21167 2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21169 * lib/sbuf.c: allow writes of more than the maximum record data.
21171 2013-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21173 * NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
21174 lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and
21177 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21179 * NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h,
21180 lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
21181 tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline().
21183 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21185 * NEWS, doc/invoke-gnutls-cli.texi: doc updates
21187 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21189 * lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c,
21190 lib/gnutls_record.h: Small changes and a sanity check
21192 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21194 * lib/x509/ocsp_output.c, lib/x509/output.c: print static strings
21195 without a printf-like function.
21197 2013-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21199 * doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
21200 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
21201 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
21202 src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c,
21203 src/socket.h: Updated ranges patch.
21205 2013-01-22 Alfredo Pironti <alfredo@pironti.eu>
21207 * doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
21208 doc/invoke-gnutls-cli.texi, lib/Makefile.am,
21209 lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
21210 lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c,
21211 lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
21212 lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def,
21213 src/cli-args.h, src/cli.c, src/socket.c, src/socket.h,
21214 tests/mini-record.c: GnuTLS Length Hiding patch. - Remove random padding; use minimal padding with legacy interface - With new interface, use LH when possible, that is in CBC mode or
21215 with the new padding extension - Rename priority to "NEW_PADDING" - gnutls-cli: add command line switch --ranges using LH when
21216 possible. - Update documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21218 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21220 * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
21221 lib/libgnutls.map: changed function name to
21222 gnutls_session_force_valid.
21224 2013-01-22 Martin Storsjo <martin@martin.st>
21226 * lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as
21227 well. This is required when linking as static libraries on linux, for
21228 -lrt. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21230 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21232 * lib/gnutls_priority.c: set a default error position.
21234 2013-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21236 * lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
21237 lib/libgnutls.map: Added gnutls_session_clear_invalid
21239 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21241 * doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs
21244 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21246 * NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
21247 lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added
21248 gnutls_record_set_timeout().
21250 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21252 * lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
21253 lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer.
21255 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21257 * doc/invoke-certtool.texi: Updated doc
21259 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21261 * src/certtool-common.c: corrected C parameter generation.
21263 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21265 * configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated
21266 Libs.private with all the required libraries
21268 2013-01-21 Martin Storsjo <martin@martin.st>
21270 * lib/gnutls.pc.in: Include libiconv in Libs.private. This makes static linking succeed if the library is configured to
21271 use libiconv. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21273 2013-01-21 Martin Storsjo <martin@martin.st>
21275 * lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex
21276 in gnutls_global.c instead of in verify-tofu.c. This fixes issues with linking the tools on OS X if not building
21277 shared libraries. Currently, if building with --disable-shared on OS X, the build
21278 fails with: CCLD gnutls-serv Undefined symbols for architecture x86_64: "__gnutls_file_mutex", referenced from: _gnutls_global_deinit in libgnutls.a(gnutls_global.o) _gnutls_global_init in libgnutls.a(gnutls_global.o) ld:
21279 symbol(s) not found for architecture x86_64 It seems that the linker fails to pull in verify-tofu.o to satisfy
21280 the undefined reference to _gnutls_file_mutex.o in gnutls_global.o
21281 unless gnutls_global.o (or any other object file in the link) also
21282 calls functions that pull in verify-tofu.o. Since gnutls_global.o
21283 always is linked in, but verify-tofu.o can be left out unless
21284 someone calls the functions in it, defining the mutex in
21285 gnutls_global.c makes sense and simplifies the dependencies. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21287 2013-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21289 * src/Makefile.am, src/certtool-args.c, src/certtool-args.def,
21290 src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
21291 src/certtool.c, src/dh.c: Added --cprint option to certtool
21293 2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21295 * doc/README.CODING_STYLE: updated coding style
21297 2013-01-20 Alon Bar-Lev <alon.barlev@gmail.com>
21299 * src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
21300 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21302 2013-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21304 * .gitignore, tests/suite/Makefile.am,
21305 tests/suite/mini-record-timing.c: Added program to estimate the
21306 timings in different record paddings.
21308 2013-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21310 * doc/invoke-danetool.texi, libdane/dane.c,
21311 libdane/includes/gnutls/dane.h, src/danetool-args.c,
21312 src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
21313 --insecure flag to danetool.
21315 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21317 * src/certtool.c, tests/cert-tests/template-test.pem,
21318 tests/cert-tests/template-utf8.pem: modified certtool order of DN
21321 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21323 * tests/mini-sbuf.c: properly deinitialized sbuf
21325 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21327 * tests/mini-dtls-record.c: initialize buffer before sending.
21329 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21331 * NEWS, tests/dn2.c: corrected test for new names and updated news.
21333 2013-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21335 * NEWS, libdane/dane.c, libdane/errors.c,
21336 libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
21337 src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
21338 src/danetool.c: Added options to specify a DLV file. Suggested by
21341 2013-01-17 Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>
21343 * NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
21344 lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn().
21346 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21348 * doc/invoke-certtool.texi: updated certtool doc
21350 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21352 * NEWS, doc/TODO, doc/cha-cert-auth2.texi,
21353 lib/includes/gnutls/x509.h, lib/libgnutls.map,
21354 lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
21355 lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def,
21356 src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h,
21357 src/certtool.c: Added functions to directly set the DN in a
21358 certificate or request from an RFC4514 string.
21360 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21362 * .gitignore: more files to ignore
21364 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21366 * NEWS, doc/cha-gtls-app.texi, lib/Makefile.am,
21367 lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c,
21368 tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist
21369 buffering during transmission. Added the gnutls_sbuf_t structure and accompanying functions to
21370 enable buffering in sending application data.
21372 2013-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21374 * libdane/dane-params.c: corrected copyright.
21376 2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21378 * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
21379 lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR.
21381 2013-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21383 * lib/nettle/egd.c: Corrected issue when an EGD device was not
21384 found. Reported by Joshua Phillips.
21386 2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21388 * cfg.mk: Added config rule
21390 2013-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21392 * doc/examples/ex-client-x509.c: doc fix
21394 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21396 * lib/x509/pkcs12.c: doc fix
21398 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21400 * lib/pkcs11.c: small updates
21402 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21404 * doc/reference/gnutls-docs.sgml: update
21406 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21408 * lib/x509/crq.c: simplified naming
21410 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21412 * doc/reference/gnutls-docs.sgml: update
21414 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21416 * lib/ext/status_request.c, lib/gnutls_dh_primes.c,
21417 lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
21418 lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
21419 lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since
21421 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21423 * doc/latex/gnutls.tex: added babel (not sure why)
21425 2013-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21427 * doc/reference/gnutls-docs.sgml: updated for 3.1
21429 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21431 * lib/nettle/pk.c: corrected error code
21433 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21435 * cross.mk: updated makefile
21437 2013-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21439 * configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist
21441 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21443 * NEWS: documented updates
21445 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21447 * lib/gnutls_record.c: corrected typo
21449 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21451 * lib/libgnutls.map: updated exported function name
21453 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21457 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21459 * doc/cha-gtls-app.texi, lib/ext/new_record_padding.c,
21460 lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
21461 tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed
21464 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21466 * lib/gnutls_cipher.c: corrected compression.
21468 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21470 * lib/includes/gnutls/x509.h: removed utf8 chars
21472 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21474 * doc/latex/gnutls.tex: updates in output
21476 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21478 * tests/mini-record.c: Added checks for new record padding format.
21480 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21482 * lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new
21485 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21487 * lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use
21488 padding also if in DTLS.
21490 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21492 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
21493 some simplifications
21495 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21497 * lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu
21500 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21502 * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
21503 simplified decryption
21505 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21507 * lib/ext/new_record_padding.c: removed debugging
21509 2012-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21511 * lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
21512 lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
21513 lib/gnutls_cipher.c, lib/gnutls_extensions.c,
21514 lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
21515 lib/gnutls_priority.c, lib/gnutls_record.c,
21516 lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in,
21517 lib/libgnutls.map: Added a new record padding mechanism. It is negotiated via an extension and record data are now formatted
21518 as: ciphered-struct { opaque pad<0..2^16-1> opaque content[TLSCompressed.length]; opaque MAC[CipherSpec.hash_size]; } The ciphered-struct size is
21519 always 0 modulo the block size in block ciphers to avoid any need
21520 for additional padding. Added extension to negotiate new record padding.
21522 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21524 * .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added
21525 test for duplicate packet detection in DTLS.
21527 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21529 * lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding
21530 window implementation.
21532 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21534 * lib/gnutls_record.c: Termination when expecting an alert is
21535 handled gracefully in DTLS.
21537 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21539 * NEWS: living in the past
21541 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21543 * NEWS, m4/hooks.m4: bumped library version
21545 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21547 * NEWS: updated news
21549 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21551 * doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am,
21552 lib/tpm.c: If trousers is not present define the TPM functions but
21553 have them return GNUTLS_E_UNIMPLEMENTED_FEATURE.
21555 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21557 * configure.ac: tpm support is disabled by default
21559 2013-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21561 * doc/TODO: updated
21563 2013-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21565 * doc/invoke-certtool.texi, doc/invoke-danetool.texi,
21566 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
21567 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
21568 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
21569 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
21570 doc/manpages/tpmtool.1: updated autogen'ed files.
21572 2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21574 * doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am,
21575 doc/latex/gnutls.tex: doc updates
21577 2012-12-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21579 * libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff
21580 is LGPL version 2.1 or later
21582 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21584 * THANKS: updated thanks file
21586 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21588 * README-alpha: updated git2cl link
21590 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21592 * doc/cha-auth.texi: corrected typos
21594 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21596 * doc/cha-auth.texi: updated in auth chapter
21598 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21600 * doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
21601 doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
21602 doc/invoke-certtool.texi, doc/invoke-danetool.texi,
21603 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
21604 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
21605 doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
21606 doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of
21607 the authentication chapter.
21609 2012-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21611 * doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods
21614 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21616 * doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
21617 doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
21618 doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
21619 doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
21620 doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
21621 doc/examples/ex-serv-x509.c: better code in client and server
21624 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21626 * NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding
21627 stricter. Reported by Kikuchi Masashi.
21629 2012-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21631 * lib/gnutls_record.c: corrected typo
21633 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21635 * lib/gnutls_record.c: Termination when expecting an alert is
21636 handled gracefully in DTLS.
21638 2012-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21640 * NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling.
21642 2012-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21644 * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
21645 doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
21646 doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop
21647 unnecessary function in examples
21649 2012-12-20 Martin Storsjo <martin@martin.st>
21651 * lib/ext/srtp.c: Don't match further SRTP profiles after one match
21652 has been found. This makes SRTP profile matching more straightforward and intuitive,
21653 when the first matching SRTP profile will be the one selected, not
21654 the last one as before. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21656 2012-12-20 Martin Storsjo <martin@martin.st>
21658 * lib/crypto-api.c: Fix the parameter name to gnutls_key_generate. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21660 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21664 2012-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21666 * tests/suite/testcompat: corrected datefudge test
21668 2012-12-18 Martin Storsjo <martin@martin.st>
21670 * lib/system_override.c: Fix docs for
21671 gnutls_transport_set_pull_timeout_function. The timeout function returns int, not ssize_t. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
21673 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21675 * lib/x509/x509_write.c: doc update
21677 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21679 * configure.ac: bumped version
21681 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21683 * tests/suite/mini-eagain2.c: added config.h
21685 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21687 * configure.ac: corrected wording
21689 2012-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21691 * build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c,
21692 gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4,
21693 gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4,
21694 gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4,
21695 gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4,
21696 gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4,
21697 gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
21698 gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h,
21699 gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
21700 gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c,
21701 gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h,
21702 gl/vasnprintf.c, maint.mk: updated gnulib
21704 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21706 * tests/suite/Makefile.am: corrected test
21708 2012-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21710 * doc/invoke-certtool.texi, src/certtool-args.c,
21711 src/certtool-args.def, src/certtool-args.h: certtool
21712 --generate-request option conflicts with --infile. Suggested by
21715 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21719 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21721 * doc/Makefile.am, doc/invoke-danetool.texi,
21722 doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
21723 doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
21724 doc/invoke-psktool.texi, doc/invoke-srptool.texi,
21725 doc/invoke-tpmtool.texi, doc/manpages/Makefile.am,
21726 doc/manpages/tpmtool.1: use ECHO_N
21728 2012-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21730 * tests/suite/Makefile.am: do not build ecore in macosx
21732 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21734 * README, README-alpha: updated urls
21736 2012-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21738 * doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex,
21739 lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c,
21740 tests/pkcs12_simple.c: corrected copyright notices
21742 2012-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21744 * doc/invoke-certtool.texi, src/certtool-args.c,
21745 src/certtool-args.def, src/certtool-args.h: updated documentation.
21747 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21749 * lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL
21752 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21754 * lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in
21755 gnutls_x509_crq_get_challenge_password
21757 2012-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21759 * lib/x509/crq.c: doc update
21761 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21763 * doc/invoke-p11tool.texi, src/p11tool-args.c,
21764 src/p11tool-args.def, src/p11tool-args.h: updated documentation
21766 2012-12-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21768 * lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
21769 tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys
21771 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21773 * NEWS: document fix
21775 2012-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21777 * lib/gnutls_cipher.c: Corrected bugs in record parsing. Corrected bugs in record padding parsing. Reported by Kenny
21778 Patterson and Nadhem Alfardan.
21780 2012-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21782 * NEWS: documented fixes
21784 2012-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21786 * lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright
21788 2012-12-01 Ludovic Courtès <ludo@gnu.org>
21790 * guile/src/Makefile.am: guile: Fix dependencies to be
21793 2012-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21795 * doc/cha-cert-auth.texi: Revert "do not document low-level
21796 functions". This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363.
21798 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21800 * README: mention dependencies in readme
21802 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21804 * cfg.mk: update @VERSION@ -> actual version on the web manual
21806 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21808 * doc/cha-cert-auth.texi: doc update
21810 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21812 * cfg.mk: simplified generation of documentation
21814 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21816 * doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name
21818 2012-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21820 * doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates
21822 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21824 * src/socket.c: corrected socket loop. Based on patch by Mantas
21827 2012-11-26 Simon Josefsson <simon@josefsson.org>
21829 * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
21830 lib/minitasn1/element.c, lib/minitasn1/int.h,
21831 lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
21832 lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update
21833 minitasn1 to version 3.1.
21835 2012-11-26 Simon Josefsson <simon@josefsson.org>
21837 * .gitignore, build-aux/snippet/unused-parameter.h,
21838 doc/gendocs_template, maint.mk: Update gnulib tools. Add missing
21839 unused-parameter.h template.
21841 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21845 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21847 * src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h:
21848 gnutls-cli will try to connect to all possible returned addresses.
21850 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21852 * doc/TODO: updated todo list
21854 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21856 * NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a
21857 list of zero policy qualifiers.
21859 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21861 * src/libopts/usage.c: Added hack to print the parameters correctly
21864 2012-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21866 * lib/x509/x509.c: updated
21868 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21870 * tests/cert-tests/template-test: repeat the tests to avoid
21871 accidental failures
21873 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21875 * lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514
21878 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21880 * lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types.
21882 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21884 * lib/x509/common.c: UniversalString (UTF-32) is handled as
21885 non-printable for now.
21887 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21889 * doc/TODO: updated todo list
21891 2012-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21893 * lib/x509/common.c: Allow for bit strings that are not a multiple
21896 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21898 * NEWS, cross.mk: updated
21900 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21902 * m4/hooks.m4: require libtasn1 3.1 or later
21904 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21906 * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c,
21907 lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
21908 lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
21909 lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
21910 lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c,
21911 lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c,
21912 tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems
21913 to use the new libtasn1 APIs.
21915 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21917 * NEWS: released 3.1.5
21919 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21921 * .gitignore: more files to ignore
21923 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21925 * lib/x509/common.c: corrected placeOfBirth DN parsing.
21927 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21929 * lib/gnutls_global.c: no need to release struct
21931 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21933 * doc/cha-cert-auth.texi: do not document low-level functions
21935 2012-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21937 * lib/nettle/ecc_mulmod_cached.c: set cache to null after
21940 2012-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21942 * tests/cert-tests/template-test: fixed test
21944 2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
21946 * .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
21947 gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
21948 gl/iconv_open-aix.gperf, gl/iconv_open-aix.h,
21949 gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h,
21950 gl/iconv_open-irix.gperf, gl/iconv_open-irix.h,
21951 gl/iconv_open-osf.gperf, gl/iconv_open-osf.h,
21952 gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h,
21953 gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
21954 gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4,
21955 gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
21956 gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
21957 gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4,
21958 gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c,
21959 gl/tests/localename.h, gl/tests/setlocale.c,
21960 gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
21961 gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
21962 gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
21963 gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
21964 gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
21965 gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
21966 gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
21967 gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
21968 gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the
21969 UCS2->UTF8 conversion in systems where it is not provided.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix_asn1_tab.c: use the old type for compatibility
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac, m4/hooks.m4: bumped version
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: simplified UTF-8 encoding.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-danetool.texi, src/Makefile.am,
src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
src/danetool.c: danetool is being built even without libgnutls-dane.
The --check functionality is not operational though. It can only
generate tlsa records.
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
tests/cert-tests/template-utf8.pem,
tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/dn.c: removed redundant check
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: update
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, lib/x509/x509.c: doc update
2012-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c,
lib/x509/x509.c, lib/x509/x509_write.c: doc update
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509_write.c: enforce the 200 character limit.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/system.c: improved iconv support.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem,
tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen:
updated for new output
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: news update
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
doc/invoke-certtool.texi, doc/manpages/Makefile.am,
lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
lib/x509/output.c, src/certtool-args.c, src/certtool-args.def,
src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
src/certtool.c, src/tpmtool.c: Several updates in certificate/public
key printing.
  * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an
    easier to parse format.
  * Added gnutls_pubkey_import_x509_crq() to convert a certificate
    request to a public key.
  * Added gnutls_pubkey_print() to simplify public key printing.
  * certtool's pubkey-info can be combined with --load-request.
  * Added --numbers option to certtool which prints big numbers in an
    easier to parse format.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/dup2.c,
gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4,
gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4,
gl/select.c, gl/stdlib.in.h, gl/strerror-override.c,
gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/dup2.c,
gl/tests/fcntl.in.h, gl/tests/test-fcntl-h.c,
gl/tests/test-iconv.c, gl/tests/test-select.h, lib/system.c,
m4/hooks.m4, maint.mk: use gnulib to detect iconv.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for
either iconv or libiconv.
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
src/certtool-cfg.c: simplified parsing
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/output.c: print header only on the first policy
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c,
src/certtool-cfg.h, src/certtool.c: certtool is able to set
certificate policies via a template
2012-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c,
lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy()
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
lib/x509/x509.c: doc update
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c:
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: corrected win32 UCS2 conversion.
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c,
lib/x509/x509.c: simplified naming
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: mention the extension OID
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/aki-cert.pem,
tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem,
tests/cert-tests/pem-decoding: Added simple check for bmpstring
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested)
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as
non-printable (fallback to previous behavior).
2012-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/x509.c: doc update
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented updates
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* configure.ac: check for iconv
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/system.c, lib/x509/common.c: map the whole ascii set
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/x509/common.c: Handle BMPString in DNs.
2012-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c,
lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c,
lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse
the certificate policies extension.
Added gnutls_x509_crt_get_policy() etc. In addition several updates
in the handling of strings in X.509 structures.
2012-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi,
doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: updated doc
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS: documented update
2012-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* tests/cert-tests/template-test: Added small text
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* doc/examples/Makefile.am: print-ciphersuites was a very useful tool
for debugging this. Now it is even built.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-15 Tim Kosse <tim.kosse@filezilla-project.org>
* lib/gnutls_priority.c: Don't read past the last list entry in
_add_priority, doing so adds algorithms that shouldn't be added and
can even lead to a segfault.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/danetool.c: tried to beautify output of danetool
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: corrected description.
2012-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_cert.c: corrected typo
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: optimizations in list import
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c: When listing all objects of a type, restrict their
class to the specified.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/pkcs11.c: Added some help on failure.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c:
pkcs11_find_object made static.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits()
does not always warn.
2012-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when
generating a PKCS #11 private key print the public key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
src/certtool-args.def, src/certtool-args.h, src/certtool.c: The
pubkey-info option can be combined with the load-privkey to extract
the public key of a private key.
2012-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c,
doc/examples/verify.c: corrected verification examples
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/TODO: removed OCSP extension from TODO
2012-11-09 Diego Elio Pettenò <flameeyes@flameeyes.eu>
* tests/cert-tests/Makefile.am: build: only run the dane cert test
if dane is enabled.
This fixes a test failure when disabling dane support.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am,
tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem,
tests/cert-tests/dane: last changes for release.
2012-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/Makefile.am, doc/invoke-gnutls-cli.texi,
doc/manpages/Makefile.am, src/common.c: updated
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_x509.c: Corrected indication of OCSP check failure.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The
status-request option was eliminated. Check OCSP only when the
status response in the handshake was invalid.
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* AUTHORS, NEWS: Added Martin
2012-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
src/tpmtool-args.h: updated
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove
@cindex from the invoke-* files.
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
doc/latex/gnutls.bib: doc updates
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi: doc update
2012-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/algorithms.h, lib/algorithms/mac.c,
lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c,
lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow
easier marking of insecure algorithms.
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* lib/gnutls_compress.c: removed debugging
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c,
lib/includes/gnutls/gnutls.h.in: Removed
GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update
2012-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* gnutls-cli-debug uses server name indication.
Copyright (C) 2005-2012 Free Software Foundation, Inc.
Copying and distribution of this file, with or without
modification, are permitted provided the copyright notice
and this notice are preserved.