ABI
Tracker

(GnuTLS)




Changelog for 3.4.2 version



2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: account new symbols

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated
	makefiles for the new functions

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/Makefile.am, lib/x509/pkcs7-output.c,
	lib/x509/pkcs7_output.c: use common base for pkcs7 files

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: added missing symbol

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.4.2

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7: 
	certtool: made explicit the inclusion of time in PKCS #7 signatures

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7:
	write the DER encoded time

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: include the signature time in PKCS #7
	signatures

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: corrected usage of
	GNUTLS_PKCS7_INCLUDE_TIME flag

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
	tests: minor updates in pkcs7 output checks to match new certtool

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in
	FULL mode

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: use gnutls_pkcs7_print() - partially

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c: 
	Added gnutls_pkcs7_print()

2015-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped version

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/x509sign-verify2.c: tests: added
	signature/verification stress test

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: check also individual
	ciphers for interoperability

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: better debug messages when verifying MAC

2015-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tpmtool.c: tpmtool: added newline in error messages

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
	reseed detection

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: tests: check random generator for long outputs
	as well

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is
	setup do not perform integrity tests

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
	on reseed

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the
	required context not all

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
	the reseed and generate function

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
	enforce the max_number_of_bits_per_request

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7,
	tests/cert-tests/single-ca.p7b.out: tests: do not include times in
	the PKCS #7 checks as they depend on local timezone

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: addressed memory leaks

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-attrs.c: doc update

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7
	attribute generation check

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
	tests: updated for new certtool output

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: print signed and unsigned PKCS #7
	attributes

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c,
	lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set
	PKCS #7 attributes

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: added PKCS #7 verification check
	with MD5

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use
	the same flags in all verification functions

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h: 
	Initialization of gnutls_x509_dn_t was modified to allow
	deinitialization after failure Part2: made gnutls_x509_crt_get_subject() and
	gnutls_x509_crt_get_issuer() return a constant value and avoid
	leaks.

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc:
	Separated the PKCS #7 in manual

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature
	generation

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out,
	tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: certtool: added
	--p7-generate, --p7-sign and --p7-detached-sign

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
	lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign()

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
	Added gnutls_pkcs7_get_crl_raw2

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print the signing time when available

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c: 
	pkcs7 verification: parse the signing time

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: on PKCS #7 verification check the the content
	type matches the signed data

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print more info about the PKCS #7 struct

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.c, src/certtool.c: 
	certtool: allow verification against a direct PKCS #7 signer

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
	tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS
	#7 detached data

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: pkcs7 verification: return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data
	exist

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
	certtool: allow verifying PKCS #7 with detached data

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7
	verification output

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7
	verification

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out,
	tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1
	certs

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
	certtool: allow verification of PKCS #7 structures

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
	lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to
	allow deinitialization after failure

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7
	signature(s) verification

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/verify-high.c: Added
	gnutls_pkcs11_get_raw_issuer_by_subject_key_id and
	gnutls_x509_trust_list_get_issuer_by_subject_key_id

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dn.c: tests: added check for gnutls_x509_dn_get_str

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: doc update

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/privkey.c, lib/x509/x509.c: Added
	gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS
	#7 signed data

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to
	cache signed_data

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: When manual PKCS #11 configuration is requested
	don't initialize other providers

2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: deinitialize PKCS #7 resources

2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
	tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7
	cert extraction

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert
	"updated gnulib" This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: silence format-signness warnings in gcc5

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated
	gnulib

2015-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: Check the OID size for match when
	comparing for the OCSP nonce extension Reported by Hanno Böck.

2015-05-23  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
	used Before, the number of bits of a zero-length number was attempted to
	be extracted, resulting in an error. The changed behaviour is
	consistent with the documentation which explicitly states that 0
	should be returned if no DH key exchange was performed.

2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
	include a leading zero

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
	the DH max prime size with 1007 bits or less

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: cleanup unused variable

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: corrected allocation check

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: removed useless check

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: document intentional fallthrough in switch

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ecc.c: ecc ext: check return code of
	_gnutls_buffer_append_data

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/no-signal.c: tests: enhance the no-signal check to include
	proper data sending

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/no-signal.c: tests: check the operation
	of GNUTLS_NO_SIGNAL

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send
	functions That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which
	is available in systems that support the MSG_NOSIGNAL flag to
	send(). That eases the usage of the library within other libraries.
	Resolves #11

2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when
	needed

2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: send alert when wrong data have been
	received from client

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: camellia256-gcm: corrected regression Reported by Manuel Pegourie-Gonnard.

2015-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib: 
	doc: added section about subject alternative names

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h: handshake_start_time was moved out of the
	DTLS-specific variables

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: apply default timeout for DTLS in
	gnutls_handshake_set_timeout

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: do not perform internationalized
	name checks without libidn

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
	failures

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: eliminate mem leaks in
	mini-loss-time

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: tests: testdane: remove dane.nox.su from the
	list of known to be good hosts

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time enhanced to check
	proper timeouts in both client and server

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
	lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and
	TLS handshake That also makes the waits for packets more robust against blocking.

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h: define
	GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA

2015-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: updated text to account for pkcs11-url
	standardization

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows

2015-05-04  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat
	documentation.

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.4.1

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/abi3.4.xml: updated abi base for 3.4

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: updated

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.4.1

2015-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
	timeouts

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use
	macro for DTLS default timeout

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
	work with DTLS

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for
	gnutls_transport_set_pull_timeout_function

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: updated async operation text

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_state.c: disable default
	handshake timeout It caused issues with non-blocking TLS clients and servers which may
	not want to block while the pull timeout function waits.

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check
	to verify that pull timeout is not called on non-blocking sessions

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/system_override.c: 
	GNUTLS_NONBLOCK can be used for non-DTLS sessions as well

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system_override.c: doc update

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: doc update

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/keygen.c, tests/slow/Makefile.am,
	tests/slow/keygen.c: tests: key generation test was moved to main
	checks This will allow to catch memory leaks with valgrind.

2015-04-28  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
	verification Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
	minitasn1

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
	name constraints with leading dot Patch by Fotis Loukos.  Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc update

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: updated text for gnutls_pkcs11_init

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: updated pkcs11 loading documentation

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sign-md5-rep.c: tests: added comment for sign-md5-rep

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/fr.po.in: Sync with TP.

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
	for the MD5 acceptance issue Reported by Karthikeyan Bhargavan.

	http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: before falling back to SHA1 as signature
	algorithm in TLS 1.2 check if it is enabled

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
	consider any values from the extension data to decide acceptable
	algorithms

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-cert-callback.c: tests: added unit tests for
	gnutls_certificate_client_get_request_status

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: set the value used by
	gnutls_certificate_client_get_request_status prior to selecting
	certificate That allows gnutls_certificate_client_get_request_status() to be
	properly operating from the callback. Reported by Anton Lavrentiev.

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated doc for retrieve function

2015-04-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL
	references to rfc7512

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: doc update

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509self.c: tests: added check for gnutls_credentials_get

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c, lib/gnutls_cert.c: doc update

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: corrected typo

2015-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume-dtls.c: tests: resume-dtls: remove global variables

2015-04-21  Andreas Metzler <ametzler@bebt.de>

	* doc/cha-gtls-app.texi: List all certificate type priority strings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA
	decryption Suggested by Nimrod Aviram.

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c,
	tests/mini-key-material.c, tests/mini-loss-time.c,
	tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests:
	initialize status where needed

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/openpgp-auth2.c: tests: cleanup openpgp-auth2

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-rehandshake.c: tests: cleanup
	mini-dtls-rehandshake

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c, tests/resume.c: tests: resume: check for
	signals

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/certificate_set_x509_crl.c, tests/mini-record-range.c,
	tests/mini-x509-callbacks.c, tests/openpgp-auth2.c,
	tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler
	warnings

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509.c: tests: verify the return value of
	gnutls_certificate_get_ours when no cert is sent

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c, tests/resume.c: tests: close unused file
	descriptors in resume checks

2015-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: libopts: fixed the reading of the
	--enable-local-libopts flag

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/common.c, src/common.h: gnutls-cli: when no
	certificate is sent, notify the user

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added
	check with X.509 certificates and callbacks That corresponds to functionality checked in openpgp-callback.c

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/openpgp-callback.c: tests: added check for
	gnutls_certificate_get_ours() when used in combination with
	callbacks

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509dn.c: tests: improved x509dn check

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
	certificate even if a callback was used This corrects a bug where this function would not work, when
	gnutls_certificate_set_retrieve_function2() was used.

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: when a certificate is specified
	require the corresponding private key

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: ensure that the X.509 version number is one byte
	only

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: Check for invalid length in the X.509 version
	field If such an invalid length is detected, reject the certificate.
	Reported by Hanno Böck.

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: initialize certs to NULL

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: print when the peer's certificate is not
	verified

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/fr.po.in: Sync with TP.

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: ncrypt.h lacks some defines with some
	versions of MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: Fix a preprocessor warning about mismatched
	quotes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with
	some MinGW versions ncrypt.h checks this define to be at least
	0x600.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h
	before gnutls.h, otherwise undefined external references to
	gnutls_free and gnutls_strdup are the result when statically linking
	against GnuTLS built by MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers
	tested with the old API That prevents a crash of the benchmark. Reported by James Cloos.

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c: refuse to use the old cipher API with
	AEAD-only ciphers

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c: 
	tests: ignore sigpipe in resume and termination tests

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc: added error check in example

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc: removed stray @end

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/x509.c: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: x509: when printing the keyid of a certificate
	use the curve name for randomart

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on
	gnutls_pubkey_export_*

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null
	input

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/x509.c: Added
	gnutls_x509_crt_get_pk_ecc_raw()

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c: randomart: corrected usage of snprintf

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: when generating an ECDSA key use the
	curve name in random art

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c: randomart: only print key size if it is
	non-zero

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.4.0

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: Remove SOCK_CLOEXEC from socket() call.  That allows compilation in systems where this flag doesn't exist.
	Resolves #7

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: document the recommended re-handshake
	process

2015-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: remove duplicate entries from manpages
	Makefile

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/certtool: tests: enhanced cert tests with SHA256
	key IDs

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: modified to allow different key ID
	algorithms

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
	lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/x509.c: Added flags which modify the algorithm used for key
	ID calculation

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: gnutls_record_discard_queued() is both for
	TLS and DTLS

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: document the new crypto register functions

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: avoid spaces in showfunc

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: added files into dist

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: configure: ask for nettle 3.1

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.4.0

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: gnutls-cli: document the method to override the
	detected ciphers

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM
	encryption

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: tests: test CCM-8 against
	polarssl

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test
	for AES-CCM

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: doc: added 'git submodule update' to clone steps

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/announce.txt: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.c: removed unused functions

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback
	to setkey in addition to init

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/cipher-override2.c,
	tests/slow/override-ciphers: tests: verify the behavior of
	GNUTLS_E_NEED_FALLBACK

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/gnutls_cipher_int.c,
	lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK
	to allow falling back from registered ciphers That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls
	should proceed with the default algorithms.

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: ciphersuites: moved CCM
	ciphersuites in the appropriate ifdefs

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test
	will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different
	than the expected.

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: document CCM and CCM-8

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c, tests/mini-record-failure.c,
	tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite
	tests

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c,
	lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c: Added CCM-8 ciphersuites

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: updated announce text

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: symbols: added the new supplemental functions

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc update

2015-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: delay tests that depend on
	timing when they fail That often prevents failures on busy systems.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no
	longer true for all ciphers

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: simplified calc_enc_length_stream

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-supplementaldata.c: tests: updated supplemental API

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: gnutls_ext_register will fail on double
	registration

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_supplemental_register will fail on double registration

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, symbols.last: symbols: added new exported functions

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am,
	doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new
	functions

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: libgnutls.map: remove
	gnutls_record_set_max_empty_records

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: account for the renamed
	gnutls_supplemental_recv/send

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: document the export supplemental data API

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send Also added the gnutls_ prefix to new types.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added
	documentation for gnutls_do_send/recv_supplemental

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi, lib/auth/srp_sb64.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
	lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were
	renamed to xxx2 That brings them in par with the rest of the allocation functions.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11
	properties

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to
	set the appropriate flags

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	cleanups in supplemental data support

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c: DH: do not warn on zero q_bits

2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: rearrange entries

2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: certtool --generate-dh-params
	will account for --outder Resolves #5

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite
	numbers correspond to the latest draft

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: improved output message

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: removed unecessary warning

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h: doc update: account for new functions

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: better output text

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added
	GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY Also enforce the expected flags despite any given flags in the URL.

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added the --test-sign parameter That allows to check an existing key for signing/verification.

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: 
	gnutls_priv/pubkey_import_url replace:
	gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: corrected import of pubkey in DER format

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM
	negotiation

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if
	we have CBC ciphersuites

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in
	upgrade section

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
	lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro
	over gnutls_privkey_sign_hash

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509sign-verify.c: tests: added check for the legacy
	gnutls_privkey_sign_raw_data

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: avoid compilation warnings in self checks
	(take 2)

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Revert "selftests: avoid compilatio
	warnings" This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
	copy/generation is correct

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: allow setting the CKA_ID on object
	initialization/generation

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported new functions

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
	enhanced key generation functions to allow specifying a CKA_ID

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: selftests: avoid compilatio warnings

2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
	functions to allow specifying a CKA_ID

2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: tests: added more libidn-related
	valgrind suppressions

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/texinfo.css: doc: increase border spacing in HTML tables

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of
	ciphers

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: manpages: automatically adjust the
	copyright year on generated pages

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-server-name.c: tests: added check
	for gnutls_server_name_get and gnutls_server_name_set

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved
	ciphersuite checks

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected
	GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/scan-gnutls.sh: updated
	test-ciphersuite.sh for new types

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: Better fix for the double free in dist point
	parsing

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
	minitasn1

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size
	for attributes

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: moved chacha20-poly1305
	ciphersuites to the 0xCD space

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: doc update: replace cryptographic algorithm by
	encryption algorithm

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
	lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
	gnutls_x509_aki_set_cert_issuer will set null-terminated strings

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* lib/crypto-api.c: doc: be consistent in the function descriptions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* lib/crypto-api.c: doc: correct the description of crypto API
	functions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* doc/examples/ex-client-x509.c, lib/ext/server_name.c,
	lib/x509/output.c: Fix a few compiler warnings about unused
	variables [-Wunused-variable] Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added
	chacha-poly1305 into benchmarks

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: when calculating record overhead account for
	chacha20 which doesn't send the nonce on the wire

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-2.c, tests/mini-record.c: tests: include
	chacha20 into transfer tests

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added
	the CHACHA20-POLY1305 ciphersuites (with random IDs)

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/crypto-selftests.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added
	chacha20-poly1305 as cipher

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-retvals.c: tests: check retvals in block ciphers

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
	send data size That reduced the maximum send size for CBC ciphers from 16384 to
	16384-(block size), which was unnecessary and was causing issues:
	https://bugs.winehq.org/show_bug.cgi?id=37500

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: 
	gnutls_record_set_max_empty_records: removed

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
	points Reported by Robert Święcki.

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Added a tight loop around the legacy push
	function That reduces the need for more expensive outer loops.  Originally
	suggested by Anton Lavrentiev.

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4,
	src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4,
	src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
	src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated
	gnulib

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: more precise documentation of
	--set-id parameter

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: depend on nettle 3.1 or later

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/email: tests: updated email check for renamed
	--verify-email option

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
	the size of ck_attributes

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
	condition

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
	CKA_ID on key generation

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: reduced debugging output

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: --purpose,
	--hostname were renamed to --verify-purpose, --verify-hostname

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign
	and --mark-no-decrypt options

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being
	signable or decryptable That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and
	GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during
	generation or write of keys.

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
	when writing a private key

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c: tests: cleanups in resume-dtls

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: ext: server_name: move name length check
	prior to IDN convertion

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: When an application calls
	gnutls_server_name_set() with a name of zero size disable the
	extension Resolves #2

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check
	CN for match only if certificate would have been acceptable for
	GNUTLS_KP_TLS_WWW_SERVER

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: Apply DNS name constraints on CN
	field only on certificates acceptable for TLS WWW SERVER purpose Suggested by Fotis Loukos.

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time is less prone to
	timeouts

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/suppressions.valgrind: tests: added valgrind
	suppressions in cert-tests for libidn

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: eliminated memory leaks on verification

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/email,
	tests/cert-tests/email-certs/chain.exclude.test.example.com,
	tests/cert-tests/email-certs/chain.invalid.example.com,
	tests/cert-tests/email-certs/chain.test.example.com,
	tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added
	email verification tests with certtool

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: added the --email
	option, to use in verification

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/openpgp/compat.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
	lib/x509/Makefile.am, lib/x509/email-verify.c,
	lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(),
	gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: verify that we accept a certificate
	with no name even if its CA has nameconstraints

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: when no name of the
	type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos.

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c: tests: increase the timeout in resume-dtls

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when
	raw.data is NULL and we have a public key

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with
	the public key is not present. For that we use the key parameters,
	which we encode into a key. Issue reported by Frank Leavis.

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	build-aux/useless-if-before-free, build-aux/vc-list-files,
	doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4,
	gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4,
	gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am,
	gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c,
	gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop
	support for gnulib's u64

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl: tests: check legacy RC4 in
	testcompat That would prevent losing compatibility without detecting it.  That
	is currently the case since it is no longer enabled by default.

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-record-retvals.c: tests: added check
	to verify the correctness of the record function return values

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable
	compilation with all options disabled

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with
	several options disabled

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid
	mentioning pointers when not needed

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: increase the maximum stack frame the compiler will
	warn for

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c,
	lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
	lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
	lib/ext/server_name.c, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c,
	lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
	lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
	lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c,
	lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/hostname-verify.c, lib/x509/name_constraints.c,
	lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c,
	lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_write.c: doc: avoid using structure for opaque types

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-extension.c: tests: include gnutls_ext_s/get_data into
	tests of mini-extension

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_extensions.c: updated documentation on non-return value
	of gnutls_ext_set_data

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c,
	lib/ext/heartbeat.c, lib/ext/max_record.c,
	lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
	lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c,
	lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added
	gnutls_ext_set_data() and gnutls_ext_get_data() As a side effect the type which holds private data was reduced from
	union to void * pointer. That simplifies the exported API without
	reducing the options in the internal API.

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be
	DTLS0.9 That allows standard DTLS ciphersuites to be used with DTLS0.9

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for
	DTLS 0.9

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-extension.c: tests: updated mini-extension

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: mention the new functionality briefly in
	documentation

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that
	the registration functions are not thread safe

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of
	the extensions name

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: deinitialize supplemental data on deinit

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed
	unused epoch change callback

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h: deinitialize supplemental data on deinit

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_supplemental.c: added documentation for the new functions

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-supplementaldata.c: tests: remove warnings in
	mini-supplementaldata.c

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c: 
	updated types

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c: 
	Added a way to add custom supplemental data from public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* tests/mini-extension.c: Fixed extension test.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in,
	tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st
	-> gnutls_buffer_t

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/mini-extension.c: Added a way to add custom extensions from
	public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h: 
	gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always
	defined there

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not
	depend on socklen_t

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: link cipher tests directly with
	nettle when needed

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: mini-dtls-record: increase
	timeouts to avoid failure of test due to slow system

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: mini-dtls-record: removed the
	need for 64-bit number

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: increase verbosity of
	mini-dtls-record

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi: document the cipher override API

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/mac-override.c,
	tests/slow/override-ciphers: added test suite for overriden digests
	and MACs

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c,
	lib/crypto-backend.c, lib/crypto-backend.h,
	lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to
	register MAC and digest algorithms.

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/cipher-override.c,
	tests/slow/override-ciphers: added test suite for overriden ciphers

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
	lib/accelerated/x86/x86-common.c, lib/crypto-backend.c,
	lib/crypto-backend.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Added API to register AEAD and legacy ciphers.

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD
	API

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Added environment variable which can override
	automatic global initialization

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/crypto-backend.h: removed unused
	functions

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: configure: fail compilation if the minimum required
	libtasn1 is not present

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c: tests: long-session-id uses the test
	framework

2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to
	draft-pechanec-pkcs11uri-21

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record.c: tests: fixed shadowed variable in
	mini-dtls-record

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c, tests/mini-dtls-fork.c,
	tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c,
	tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests:
	use nanosleep for sleeping

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README-alpha: move valgrind to testing tools

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: updated README-alpha

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_supplemental.c: Fixed handling of supplemental data
	with types > 255.  Patch by Thierry Quemerais.

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: doc update

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: gnutls_priority_init: document that
	priorities can be NULL

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm
	2.0.0b1 from being used to test PKCS #11

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/mini-eagain2.c: tests: mini-eagain2: call
	gnutls_handshake_set_timeout() at the proper time

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: added libasan as dependency

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: corrected self test for 3DES

2015-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: correctly set the size of type

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: combined the fill for object attributes set

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: only set ID and label when both size and
	data are set

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: exit with non-zero reason if no objects are
	found

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: tests: added checks for p11tool --set-id
	and --set-label

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added --set-id and --set-label options

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_int.h: added
	gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the
	CKA_LABEL of an object.  Resolves #1

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
	tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-chains.h: tests: removed test with invalid DER encoding
	in chainverify These certificates are now rejected earlier.

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/strict-der.c: tests: added a check for
	certificates with invalid DER encodings

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c: 
	x509: use libtasn1's strict DER decoding rules in network obtained
	structures

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: rearranged internal documentation

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c: tools: added ftp as a starttls protocol

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
	mix

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
	SECURE192

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-polarssl: tests: do not run polarssl
	interop test on VIA

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common: use common license in all
	testcompat scripts

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: removed unused function

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README-alpha, README.md: README-alpha is README.md on
	repository It contains information for developers.

2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README, README.md: Revert "auto-generate README from
	README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: cleaned up licensing

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, README, README.md: auto-generate README from
	README.md

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: added README.md as link to README

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, README-alpha, README-alpha.md, README.md: Revert "renamed
	README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, README-alpha, README-alpha.md, README.md: renamed README
	files

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, README-alpha: README: converted to mark-down

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: corrected check of certificate
	chain order

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert.c: tests: added small test to verify that
	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
	unsupported TLS protocols as soon

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: cli sockets: check for a digit prior using atoi

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
	sorted

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli-debug: do not warn multiple times about
	unknown protocols

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-support.texi: updated documentation on FIPS140-2

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: speed up testcompat
	check by remove less important options

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/softhsm.h: tests: updated paths for softhsm detection

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: README: mention nodejs

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: check for /usr/share/dns/root.key as well
	for dns root key

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: README: mention dependency on dns-root-data

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: don't perform the overflow
	check in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-date.tmpl: tests: date parsing test was
	modified to work in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to
	print 64-bit values

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: exit when there is an overflow in
	parsing days

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: README: mention that openssl and polarssl will be
	used for interop testing

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-test: Revert "tests: increased the
	retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: Revert "tests: template-test: added
	a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: tests: template-test: added a
	baseline check to detect slow systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: increased the retries with
	datefudge cert generation There are slow systems that are not always capable of generating the
	certificate within a single second.

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: add bison as a dependency

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: build documentation last That allows the examples to depend on libgnu_gpl.la

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: list unbound dependency for DANE

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: tests: removed dane hosts which don't behave
	well

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: updated instructions for installed packages

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: latex doc: updated copyright dates

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: updated copyright date

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
	m4/hooks.m4: use asn1_decode_simple_ber if available

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: corrected typo

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: mention libidn

2015-03-04  Ilya V. Matveychikov <i.matveychikov@securitycode.ru>

	* tests/suite/asn1random.pl: asn1random.pl: generate simple tags
	only Do not emit tags with numbers greater than or equal 31 as they must
	be encoded an octet sequence (ref X.690-0207 # 8.1.2.4) Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
	tests/cert-tests/invalid-sig2.pem,
	tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
	X.509 certificate signatures

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: added the change of priority string NORMAL
	in documentation

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: document the usage of a PKCS #11 trust
	module for verification

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: updated the suite to
	account for the removal of DSA by default

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c,
	tests/priorities.c: tests: updated the suite to account for the
	removal of DSA by default

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl,
	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
	cross-implementation test suite was relicensed to 3-clause BSD That way the suite can be used by projects with other licenses.

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by
	default DSA was an algorithm that was never deployed on the Internet and
	had, until very recently, several limitations such as restriction of
	its keys to 1024 bits, SHA1-only etc. Given that there are literally
	0 internet (HTTPS) certificates using DSA, there is no point to
	enable it by default and increase our attack surface.

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in
	benchmark-ciphers

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h,
	lib/x509/output.c: bundle inet_ntop in systems that don't have it

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h: removed
	gnutls_pubkey_get_verify_algorithm from abstract.h

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
	spotted by Andris Mednis

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_session.c: doc update: document that session_get_data()
	must be used in non-resumed sessions

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc update

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added
	comments

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
	available in p11-kit

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: removed unnecessary check and
	optimized function

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected check which prevented
	client to sent an unacceptable for the version ciphersuite

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-key-material.c: tests: mini-key-material: avoid memory
	leak

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-lowmtu.c, tests/mini-overhead.c,
	tests/mini-record.c: tests: require DTLS 1.2 when using GCM

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior
	to offering a ciphersuite a server

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: remove unnecessary assert

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified
	tests with obsolete APIs with their replacement API

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc: added deprecated functions into upgrade
	plan

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: tests: added checks for
	gnutls_x509_crt_get_signature_algorithm and
	gnutls_x509_crt_get_preferred_hash_algorithm

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c,
	lib/x509/verify.c, lib/x509/x509.c: removed
	gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c: 
	removed gnutls_x509_crt_get_verify_algorithm()

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and
	gnutls_pubkey_verify_data()

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h: certtool: use unsigned for bits

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to
	function call

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: allow specifying
	a purpose and a hostname for chain verification

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509cert-invalid.c: tests: added check
	for invalid X.509 certificate

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-key-material.c: tests: added check
	for gnutls_record_get_state()

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c: removed unused constants

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: memcpy fix in gnutls_record_get_state

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* ltmain.sh: removed ltmain.sh from root

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_get_state() and
	gnutls_record_set_state() These functions allow to export the key material and sequence
	numbers.  That allows offloading the sending and receiving of
	individual records.

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: fixed sequence number copy

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_handshake_set_hook_function: will provide the raw handshake
	data

2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned
	int in the CURVE_TO_BITS et al

2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: when importing a certificate ensure that the
	signature parameters match

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in
	x86

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: added missing prototypes

2015-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: handle differently OCSP responses that are revoked and
	of unknown status

2015-02-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: compilation fix with return on void function;
	reported by David Marx

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: set the appropriate direction when
	_gnutls_io_write_flush() is called

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check
	for operation under different threads and DTLS

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for
	operation under different processes and DTLS

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented using a session with fork or
	multiple threads

2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_is_async() That function indicates whether gnutls_record_recv() and
	gnutls_record_send() can be used independently and in parallel.

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: print errno in a more uniform way

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/system.c: doc update

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
	lib/system.h, lib/system_override.c: exported
	gnutls_system_recv_timeout()

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
	total length

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small
	fixed to reduce warnings

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: doc update

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
	so verbose about the OCSP nonce; it is universally unsupported

2015-01-17  Tim Ruehsen <tim.ruehsen@gmx.de>

	* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: on certificate import check whether the two
	signature algorithms match

2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: use 3.3.12

2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/key_decode.c: doc update

2015-01-12  Luke Dashjr <luke-jr+git@utopios.org>

	* Makefile.am, configure.ac, doc/manpages/Makefile.am: Added
	configure option --disable-tools

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/errors.c: corrected typos Reported by Guido Kroon.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
	obsolete versions That prevents using these versions as record version numbers, unless
	they are the only protocol supported. This avoids the issues with
	servers that have banned SSL 3.0 record versions.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: follow the documented process for
	gnutls_x509_crt_get_authority_info_access

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
	update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
	items prior to decidig the OCSP server

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: use a FIPS key that agree's with fedora's fipshmac

2015-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: Added Luke Dashjr

2015-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: simplified text for inline-commands-prefix

2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
	--starttls-proto option

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: cleanup the name of types

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/softhsm.h: tests: updates in softhsm detection

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
	data as well (version 2 fix)

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: doc update

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
	write a trusted CA

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the
	exported function list

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-import-export.c: tests: key-import-export: enhanced to
	test gnutls_pubkey_*_ecc_x962

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another
	parameter set without a leak

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: removed ABI-compatibility functions

2015-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.softhsm: testpkcs11: modified to support
	both softhsmv1 and v2

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
	data as well

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-import-export.c: tests: enhanced key-import-export to
	check output of pubkeys

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-callback.c: tests: eliminated leaks

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: doc update

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/key-import-export.c: tests: added checks
	for private key import/export functions

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/openpgp-callback.c: tests: Added test
	case for openpgp keys loaded by callback

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
	from a client, the server verifies if it supports the extension’s
	contents in _gnutls_session_cert_type_supported().  This function
	checks for cred->get_cert_callback but not cred->get_cert_callback2.
	As a result, servers setup for OpenPGP certificate credential
	callback with gnutls_certificate_set_retrieve_function2() are unable
	to use the OpenPGP certificate type.  The solution is to consider cred->get_cert_callback2 alongside
	cred->get_cert_callback in _gnutls_session_cert_type_supported().  Patch by Rick van Rein.

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
	release the cached value

2015-01-08  Ludovic Courtès <ludo@gnu.org>

	* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
	during expansion and at run time.  Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.  * guile/modules/gnutls.in: Wrap '%libdir' definition and   'load-extension' call in 'eval-when'.

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
	record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record-asym.c: tests: updated
	mini-dtls-record-asym

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record-asym.c: tests: better documentation of
	mini-dtls-record-asym purpose

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved
	udp_socketpair to utils

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU
	test for DTLS and added caching

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case
	for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: simplified _gnutls_dgram_read()

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: danetool: only compile when dane is enabled

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
	exceed MTU Resolves: https://savannah.gnu.org/support/?108715

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Added more precise check of push functions
	availability

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
	lib/system.h: Revert "in DTLS don't use writev() when multiple
	packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Revert "Give precedence to vector push
	function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Give precedence to vector push function

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
	lib/system.h: in DTLS don't use writev() when multiple packets which
	exceed MTU are queued That change requires the system_write() to be registered
	unconditionally, even when writev() is available.  Resolves:
	https://savannah.gnu.org/support/?108715

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to
	ensure that DTLS handshake packets will not exceed MTU

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: warn when setting a certificate's
	expiration longer than the CA's expiration

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: detect softhsm2

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
	tests/record-sizes.c: tests: account for disabling of ARCFOUR where
	needed

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
	number

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: check for overflows when reading
	serial numbers

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
	type for integers read

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
	protocol Patch by Andreas Metzler.

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
	gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
	gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
	gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
	gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
	gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
	gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
	gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
	gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
	gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
	gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
	gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
	gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
	gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
	gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
	gl/tests/signature.h, gl/tests/test-alloca-opt.c,
	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-func.c,
	gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
	gl/tests/test-iconv.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
	gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-string.c,
	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
	gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
	gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
	gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
	src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
	src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
	src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
	src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
	src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
	src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
	src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
	src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
	src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
	src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
	src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
	src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
	src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
	src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
	src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
	src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
	src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
	src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
	src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
	src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
	src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
	src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
	src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
	src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
	src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
	src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
	src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
	src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
	src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
	src/gl/parse-datetime.y, src/gl/printf-args.c,
	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
	src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
	src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
	src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
	src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
	src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
	src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
	src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
	src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
	src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
	src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
	src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
	src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
	src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
	src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
	src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
	src/gl/xsize.h: updated gnulib

2015-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
	checks

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: use explicit casts in the dummy ip conversion
	functions

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	lib/gnutls_priority.c: ARCFOUR-128 is disabled by default

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load
	ncrypt.dll

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for
	3.4 API

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, symbols.last: updated export symbols list (due to ABI
	breakage)

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: updated auto-generated files

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h
	and system-keys.h

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-get-issuer.c: tests: added check for
	gnutls_x509_trust_list_get_issuer_by_dn()

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: updated libgnutls.map for new functions

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
	updated auto-generated files and added urls.h

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
	added checks for the new --key-id and --fingerprint certtool options

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: Added
	--fingerprint and --key-id options

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: --pubkey-info will load a public key
	from stdin

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: include netinet/in.h if present to access ipv6
	related structures Based on patch by Rumko.  https://savannah.gnu.org/support/?108713

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: VERS-ALL adds all protocols if used with
	'+'

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings
	VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding
	protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol
	version numbering distinct

2014-12-30  Matthias-Christian Ott <ott@mirix.org>

	* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
	textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
	textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
	this case and thus does not need to be called.

2014-12-30  Matthias-Christian Ott <ott@mirix.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
	VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
	textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
	the plaintext length (last parameter) is greater than zero and
	segfault otherwise. The assembler code for both functions is
	automatically generated and imported from OpenSSL, so to ease
	maintenance the length should be validated in the functions that
	call padlock_ecb_encrypt or padlock_cbc_encrypt.

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: use backslashes in windows path

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: openpgp: properly print names in oneline
	output as well

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: updates in openpgp DSA key printing

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: properly print openpgp names

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/Makefile.am: opencdk: print all warnings on
	compilation

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: opencdk: eliminated warning from armor.c

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/keydb.c: removed cache support for opencdk's keydb It's implementation looked buggy.

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated guile comments

2014-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
	functions only when OCSP is enabled

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
	gnutls_pubkey_import_ecc_x962().

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def: tools: document the
	available curves

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
	tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with
	softhsmv2 and CKA_TRUSTED.
	https://bugzilla.redhat.com/show_bug.cgi?id=1177086

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/safe-memfuncs.c: updated documentation of gnutls_memcmp()

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name
	of gnutls_x509_crt_import_pkcs11_url

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: better cleanup in
	gnutls_pkcs11_privkey_import_url and allow reuse

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
	separated the two gnulibs to avoid conflicts

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
	gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
	gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
	gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
	src/gl/Makefile.am, src/gl/m4/extensions.m4,
	src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
	src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
	src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
	src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c,
	lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: 
	Instead of sanitizing URLs, use hints to support incomplete PKCS#11
	URIs

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: 
	gnutls_x509_crt_import_url replaces
	gnutls_x509_crt_import_pkcs11_url

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: use p11_kit_uri_get_pin_source instead of
	p11_kit_uri_get_pinfile

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new
	API

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/verify-high.c, lib/x509/verify-high2.c: combined
	gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces
	gnutls_pkcs11_obj_list_import_url3() and
	gnutls_pkcs11_obj_list_import_url4().

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/x509/verify-high2.c: first attempt to unify obj_attrs with
	obj_flags

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks
	whether the import of PKCS #11 objects as trusted certs works

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
	tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in
	softhsm detection

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
	#11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
	token URL, but rather a direct reference to specific objects.

2014-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_psk.c: PSK: added sanity check on PSK key size set

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers
	to use It is no longer supported.

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on
	success

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
	for the cork/uncork functions Reported by Jaak Ristioja.

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: doc update

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/protocols.c: Added more precise version check in
	_gnutls_version_lowest

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: corrected documentation of gnutls_cork()

2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: Added 32-bit overflow protection in
	_gnutls_buffer_append_data()

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Remove redundant condition in
	align_allocd_with_data().  At all call-sites of align_allocd_with_data() dest->data is
	non-NULL.  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Deduplicated some code in
	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Explicitly marked some variables const in
	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: added Jaak Ristioja

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/cipher-test.c: test-ciphers: do not fail on processor
	which don't have the AES-NI instructions

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to
	function

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code
	outside the if-clause

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0
	checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl.

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: removed www.vulcano.cl from good
	hosts

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert-tl.c: tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with
	gnutls_x509_trust_list_add_named_crt().

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: use
	gnutls_x509_trust_list_verify_named_crt in
	gnutls_x509_trust_list_verify_crt2

2014-12-12  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Update 'NEWS'.

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/random.c: gnutls_rnd: doc update

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: improved documentation on dane

2014-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
	mode, for the sake of MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
	  of 'open-input-file'.

2014-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Link with '-no-undefined'.  Fixes builds on MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add   -no-undefined.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: use Sleep() in windows

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: ensure that default_serial_int is
	64-bits or more

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.3.11

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: Allow a random generator with the same
	priority to re-register That corrects an issue where the library is deinitialized, and
	reinitialization wouldn't register the same rnd module.  Reported by
	Stanislav Zidek.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert.c: tests: x509cert: verify that length returned
	from gnutls_x509_crt_get_dn matches strlen

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: testcompat: corrected usage
	of null cipher

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code

2014-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected typo

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: added option --without-idn

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required
	casts

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string
	EXPORT is no more

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused
	struct entries

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-ccm-x86-aesni.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c: 
	added AESNI accelerated CCM

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related
	changes

2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: use the new _gnutls_buffer_to_datum

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: corrected the expected lengths in ocsp

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c,
	lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c: 
	_gnutls_buffer_to_datum: includes code for exporting strings

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when the trusted list contains a non-CA
	certificate warn via the audit log

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name
	to match the one in the IANA registry

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced
	check for correct ciphersuites

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add
	missing includes

2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define
	HAVE_CONFIG_H

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Build with warnings.  * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra   -Wno-unused-parameter.

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/Makefile.am, guile/modules/gnutls.in,
	guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
	guile/src/core.c, guile/src/make-session-priorities.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
	guile: Remove the deprecated priority API.  * guile/modules/gnutls/build/priorities.scm: Remove.  * guile/src/make-session-priorities.scm: Remove.  * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.  * guile/src/Makefile.am (EXTRA_DIST): Likewise.    (GENERATED_BINDINGS): Remove 'priorities.i.c'.    (priorities.i.c): Remove target.  * guile/src/core.c: Don't include it.    (scm_gnutls_set_default_priority_x): Remove.  * guile/modules/gnutls.in (gnutls): Adjust export list.  * guile/tests/session-record-port.scm: Use
	'set-session-priorities!'.  * guile/tests/x509-auth.scm: Likewise.

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi, guile/modules/gnutls.in,
	guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
	guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
	Remove RSA parameters and related procedures.  * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
	  Remove.  (%gnutls-smobs): Remove it.  * guile/src/core.c (scm_gnutls_make_rsa_parameters,   scm_gnutls_pkcs1_import_rsa_parameters,   scm_gnutls_pkcs1_export_rsa_parameters,   scm_gnutls_set_certificate_credentials_rsa_export_params_x):
	  Remove.  * guile/modules/gnutls.in: Adjust export list.  * guile/tests/openpgp-auth.scm (import-rsa-params): Remove.    Remove references to it and to   'set-certificate-credentials-rsa-export-parameters!'.  * guile/tests/x509-auth.scm: Likewise.  * doc/gnutls-guile.texi (Representation of Binary Data): Remove   references to RSA parameters.  Adjust example accordingly.    (OpenPGP Authentication Guile Example): Likewise.

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: updated TODO list

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: removed several of the unneeded exported
	internal symbols

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: corrected typo

2014-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: use unsigned long in gcm_cast_st

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: corrected issue in AES-256-GCM

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced
	cipher check to include all ciphers.

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: simplified abstractions over nettle based on
	Niels' comments.

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: API doc update

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Added test vectors for CCM mode

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: CCM: corrected AEAD decryption

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: CCM mode moved to the lowest priority

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: added benchmark for CCM

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c, tests/suite/testcompat-main-polarssl: tests:
	updated for AES-128-CCM ciphersuites

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c: Added definitions for CCM ciphersuites

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-aead.h,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c,
	lib/crypto-backend.h, lib/crypto-selftests.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/includes/gnutls/crypto.h, lib/libgnutls.map,
	lib/nettle/cipher.c: Modified crypto backend to accomodate for the
	CCM ciphersuites

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates
	(in FIPS140-2 mode)

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
	lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c,
	lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4,
	tests/dsa/testdsa: ported to nettle 3.0

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: reduced current soversion

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the
	removal of deprecated functions

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: corrected comparison

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
	lib/gnutls_priority.c, lib/gnutls_state.c,
	lib/includes/gnutls/compat.h: removed the old gnutls_retr_st
	compatibility functions

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c,
	lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed
	binary compatibility with RSA-EXPORT using applications

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the
	old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority
	gnutls_compression_set_priority gnutls_kx_set_priority
	gnutls_protocol_set_priority gnutls_certificate_type_set_priority

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h, lib/x509/x509.c: removed
	gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c,
	lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and
	gnutls_sign_callback_get() were removed

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion

2014-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.h: if the rnd structure doesn't provide check,
	_gnutls_rnd_check() will succeed

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added
	check for verification using CRLs

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Reorganized, and eliminated memory leak in
	_gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.

2014-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/systemkey.c: systemkey: updated for new
	gnutls_system_key_iter_get_info

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c,
	lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows
	restricting results to a specific certificate type

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: removed unneeded variable

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
	update

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: added recommendation to use the higher
	level functions to load keys

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: avoid gcc warnings

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	check for whether %NO_EXTENSIONS is required

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
	the NULL KX

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if
	initial negotiation is not complete

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-chain-unsorted.c: tests: small fix in
	mini-chain-unsorted

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/x509.c: 
	GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from
	gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT
	is specified.

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the
	lists it can sort

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system-keys-win.c: simplified windows URLs

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system-keys-win.c: system-keys-win: include urls.h

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-cert-status.c,
	tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pcert.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/x509.c: Added flag
	GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the
	gnutls_certificate_credentials_t structure.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check
	for memory leaks when a file cannot be loaded.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
	memory leak when certificate could not be parsed Reported by Georg Richter.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: libdane: undef gnutls_assert() before redefining
	it

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: gnutls-cli-debug: do not print error on unknown
	protocols

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak
	check for gnutls_set_x509_key_mem2()

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: documented the limitations of the loading
	functions

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	check for sorted certificate chain

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c: do not allow the resumption of a session which
	switches the state of ext_master_secret

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rfc2253-escape-test: tests: run rfc2253-escape-test under
	valgrind

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/custom-urls.c: tests: enhanced custom-url check

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the
	proper place

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected freeing of custom URL

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
	Added memxor_different_alignment into suppressions

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/gnutls_x509.c,
	lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the
	construction of chains with custom URLs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated ignored files

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/systemkey-tool.c, src/systemkey.c: renamed
	systemkey-tool to systemkey, and don't install it by default

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/custom-urls.c: tests: added check for
	registration of custom URLs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export
	gnutls_register_custom_url

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in
	read_cert_url

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/Makefile.am, lib/includes/gnutls/urls.h,
	lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c: 
	Added the ability to register application specific URLs for keys and
	certs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: use macros for the URL

2014-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
	for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake

2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: treat
	GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
	complete This corrects a regression introduced in
	b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
	https://savannah.gnu.org/support/?108690

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: removed old news

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/protocols.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
	record version in the client Hello will be set to the lowest
	supported protocol There should have been no harm in keeping it SSL 3.0 but
	unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
	as MUST NOT do that. That will be fixed in a later revision but
	since then there are servers not accepting SSL 3.0 as a valid record
	version (note that this is about the record version, which describes
	the format of the packet, nothing to do with the negotiated
	version).

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Revert "The priority modifier
	%LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
	done when it is required only.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, src/cli.c: 
	gnutls_priority_string_list: allow printing the special keywords as
	well.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: simplified code involving getrandom() and
	getentropy()

2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: detect android system and define a
	variable

2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/system-keys-dummy.c, lib/system-keys-win.c,
	lib/system-keys.c: separated system-keys implementations

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: removed redundant local

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: tests: added check for the abbreviated
	URLs which don't contain object information

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c,
	lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects
	with URLs sanitize them That allows to use out of band information to complete missing parts
	in URLs (e.g., object-type=cert, when there is a certificate).

2014-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys.c: compilation fixes

2014-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h,
	lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am,
	src/systemkey-args.def, src/systemkey-tool.c: Added API to
	read/write/delete key-cert pairs (limited to windows for now)

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: NORMAL priority: prioritize the less than
	256-bits curves at the lowest level

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Allow to set the nonRepudiation,
	keyAgreement and dataEncipherment flags

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: list the OIDs in the certtool cfg file
	documentation

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
	zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: partially reverted
	999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as
	OCSP anchors.

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print message when the system trust is
	used

2014-11-14  David Weber <dave@veryflatcat.com>

	* src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
	and serv.c.  I have tested the fix in 3.3.10. This commit is UNTESTED as i am
	unable to compile gnutls (./configure complains about gl_INIT and
	ggl_INIT).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp.c: tests: ocsp: added the signature in check

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: only print about additional certificates
	if they are present

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: fix DN decoding in
	gnutls_ocsp_resp_get_responder_raw_id

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: ocsp: added check with a long response

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: use the original DER/BER data when verifying an
	OCSP response

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: eliminated duplicate code

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: clarified the multiple paths printing of
	the verify options

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: allow printing the certificates in OCSP
	responses when --print-cert is specified

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code
	to better use the trust list, and the KeyHash

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp_output.c: OCSP printing: Add header in front of
	certificates

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
	lib/pkcs11.c, lib/x509/verify-high.c: added
	gnutls_pkcs11_get_raw_issuer_by_dn and
	gnutls_x509_trust_list_get_issuer_by_dn

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
	for OCSP status response

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/crq: corrected crq test case; reported by Andreas
	Metzler

2014-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
	callback

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, tests/ocsp.c: replaced
	gnutls_ocsp_resp_get_responder_by_key with
	gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old
	buggy behavior of returning 0 if the element was missing.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set
	when no password should be asked

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a
	callback if GNUTLS_PKCS_PLAIN is specified

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: the FIPS140-2 testing mode is disabled after
	self-checks

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: updated OCSP tests to account for the new key ID

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder()
	will always initialized output data

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
	valgrind complaints

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: print the OCSP response in verbose mode

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: corrected documentation of OCSP response
	verification

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c: Added
	gnutls_ocsp_resp_get_responder_by_key()

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/dn.c: dn parsing: return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added
	option to save the OCSP response

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c,
	lib/includes/gnutls/abstract.h: added the notion of preferred sign
	algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3()
	with the info callback. It is only considered for client side keys
	in TLS sessions.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf: 
	Added priority string %NO_SESSION_HASH to prevent advertising the
	extended master secret extension

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: certificate status requestion response
	is optional according to RFC6066

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c: 
	Added flag GNUTLS_OCSP_SR_IS_AVAIL for
	gnutls_ocsp_status_request_is_checked

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.h: rnd: removed the packed attribute from
	event_st That prevents a SIGBUS on solaris sparc systems.  Reported by Thomas
	Thorberger.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: The priority modifier
	%LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version
	number from the first packet of the record protocol.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
	that disallow the SSL 3.0 record version

2014-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: gnutls-cli: print whether status request has been
	checked

2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: doc update

2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c,
	lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to
	gnutls_x509_privkey_t

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c, lib/system.h, lib/x509/common.c,
	lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian
	strings.

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c,
	lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/safe-memfuncs.c, lib/safe-memset.c: Added
	gnutls_memcmp() and exported it.

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h: indentation fix

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey() Conflicts: 	lib/libgnutls.map

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h: dropped unused copy_func

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/gnutls-idna.h: silence warning

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq: 
	Added check with the invalid crq sent by Sean Burford

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
	format, perform additional sanity checks on input Reported by Sean Burford.

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: doc update

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported
	gnutls_memset()

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
	on session tickets

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: tools: include arpa/inet.h in socket.c

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
	client and server

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: pass the correct user type to protected
	authentication login

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: corrected values for INSECURE level

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
	pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
	pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate
	state

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
	type on reauthentication

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
	to improve compatibile with some apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	force login on tokens that require it

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: always set slot_info

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: testcompat-openssl: disable
	SSL 3.0 as it is not supported on debian

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: fixed polarssl compatibility
	checks on debian

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c: 
	pkcs11: eliminated the need for struct token_info

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
	support for PKCS #11 keys that require reauthentication and
	simplified pkcs11_login

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: clarified text

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/testcompat,
	tests/suite/testcompat-main, tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl,
	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
	tests: separated the two testcompat tests (openssl/polarssl)

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c: added missing comma

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: corrected heartbeat check

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
	negatives

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
	negatives

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main: tests: added interoperability tests
	with openssl's PSK

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation for
	max send data and other uses of _gnutls_cipher_type()

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c: modernized cipher table

2014-11-05  Chen Hongzhi <hongzhi.chen@me.com>

	* lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: simplified checks for EtM

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c: tests: enhanced test to check the return value
	of gnutls_record_send()

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-2.c: tests: Added unit tests for
	gnutls_certificate_get_ours in mini-x509-2

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/includes/gnutls/gnutls.h.in: introduced
	GNUTLS_MAX_SESSION_ID_SIZE

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive

2014-11-04  Chris Barry <chris@barry.im>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi: 
	Cleaning up some awkward phrasings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests:
	Added test for MAC verification checks

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM
	fixes: it only applies to block ciphers

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: reorganized output

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: moved the HTTPS server name outside
	of verbose tests; only run when the HTTPS protocol is used

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced
	gnutls-cli-debug verbose output (uses files for mass text)

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	tests for EtM and extended master secret support In addition reworked the output for existing tests.

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: only warn of an error if it is fatal

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main, tests/suite/testcompat-polarssl: 
	testcompat: increased the number of test cases checked

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/alpn.c: updated text

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-polarssl: testcompat-polarssl: try to run
	the test only if polarssl binaries are available

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-common, tests/suite/testcompat-polarssl: 
	testcompat: check the PSK ciphersuite interoperability against
	polarssl

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/testcompat,
	tests/suite/testcompat-common, tests/suite/testcompat-main,
	tests/suite/testcompat-polarssl: testcompat: added interop tests
	with polarssl

2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/system_override.c: doc: Added missing reference for EMSGSIZE
	to inline documentation of gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/system_override.c: doc: Fixed typo in inline comment of
	gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c,
	lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_session_pack.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/priority_options.gperf, src/common.c: Added support for RFC7366
	(encrypt then authenticate) It implements a revised version of RFC7366, to avoid
	interoperability issues:
	http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This
	is currently enabled by default, unless %NO_ETM, or %COMPAT is
	specified.

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative
	to stream and block That way the terminology becomes closer to the TLS rfc.

2014-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: updated the text for
	GNUTLS_E_UNSUPPORTED_VERSION_PACKET

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests:
	Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11
	+ PIN

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
	set the id_size

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: deinitialize the temporary spki data

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/init_fds.c: tests: added test for
	gnutls_global_init after all descriptors are closed

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h: 
	corrected check for urandom fd

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the
	suite

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: Do not require a PIN callback in the
	certificate credentials when a password is specified

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: doc update

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: corrected exit state from gnutls_global_init

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
	account the new behavior

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
	gnutls_fd_in_use, it is no longer necessary

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_global.c,
	lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
	lib/random.h: When gnutls_global_init() is called manually from the
	application check the urandom fd for validity That addresses the issue where a server closes all open file
	descriptors and then calls gnutls_global_init().

2014-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for
	getentropy() and reworked getrandom support

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which
	allows to specify the number of bits for key size

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when
	available

2014-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use the random rnd context when refreshing the
	nonce context That avoids frequent reads from /dev/urandom.

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: do not explicitly refresh rnd state on session
	deinit It is already being refreshed during the session lifetime.

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: doc update

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: increase the reseed time

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests.c: tests: enhance cipher test to include tag
	verification error

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: better documented the new API

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: harmonise variable names

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: disable hardware acceleration by default in solaris

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of
	draft-ietf-tls-session-hash-02.  Now the session hash is calculated correctly even when a client
	certificate is sent. That is, the session hash now does not take
	into account the CertificateVerify message.

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: doc update

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi: doc: list the AEAD API

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/crypto-api.c, lib/crypto-selftests.c,
	lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Added a new simple to use AEAD API

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: the openssl compatibility library isn't built
	by default

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
	directive in assembly files, as it isn't portable

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: eliminate IV size usage in TLS
	encryption/decryption; it was a remnant of salsa20

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: corrected likely macro usage Spotted by Manuel Pégourié-Gonnard.

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for
	SALSA20 and for stream ciphers with IV The proposal was not adopted by the TLS WG, and the AEAD path will
	be used.

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/priority_options.gperf: Added priority string %NO_TICKETS that
	disables session ticket support This is implied by the priority string PFS.

2014-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor
	use the 'extended master secret' in SSL 3.0 According to Alfredo Pironti support for that protocol will be
	dropped from the draft.

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: compile 3.3.9 by default

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: always send the mandatory extensions (even
	in SSL 3.0) The only way to force no extensions and usage of SCSVs is the
	%NO_EXTENSIONS priority string.

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory
	extensions

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am: check and use libnsl (used in
	solaris)

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
	sources

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl: updated perl asm sources

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: use the GNU-stack note in linux systems

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
	gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
	gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
	gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
	src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
	src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
	src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: 
	updated gnulib

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
	validity of gnutls_x509_trust_list_get_issuer

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: corrected bug in
	gnutls_x509_trust_list_get_issuer() when used without the
	GNUTLS_TL_GET_COPY flag

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: include minitasn1 when needed

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: use HAVE_DANE ifdef for unused functions

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported gnutls_fd_in_use

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: document gnutls_fd_in_use()

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: gnutls_fd_in_use: mention version

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
	func is used

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
	check whether a file descriptor is in use

2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.h: added prototype to avoid compiler warning

2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode

2014-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
	FIPS140-2 mode

2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls-stress.c: dtls-stress: reindented code

2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when
	send succeeds

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is
	enabled by default

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
	test that checks the fallback from TLS 1.6

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/libgnutls.map: added _gnutls_hello_set_default_version() which
	allows to override the clienthello version

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: prevent the combination of the -p
	and --list options As -p may be mistaken for --priority that would prevent wrong
	outputs.

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: avoid d from getting out of scope

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/udp-serv.c: gnutls-serv: avoid possible buffer overrun

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: avoid memory leak on
	gnutls_x509_privkey_generate() failure

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: gnutls-cli: added option
	--priority-list

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: added gnutls_priority_string_list(), a function
	to iterate all priority strings

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: put all priority strings into a table

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: SSL 3.0 is no longer on the default
	priorities list

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
	1024-bit DSA parameters when generating

2014-10-14  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Remove trailing zero in
	'gnutls_server_name_set' call.  In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
	'set-session-server-name!' would pass a trailing nul character on
	the wire after the server name, which would thus be rejected by
	servers.

2014-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA
	verification

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
	lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
	changes to account for seed starting with null byte

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
	SHA224

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: simplified getrusage code; the failure
	check code wasn't needed

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
	phi(n) for RSA key generation in FIPS-140-2 mode

2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: tests: added check for import failure of
	v1 certificate with extensions

2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: do not allow importing X.509 certificates with
	version < 3 and extensions present

2014-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: update the guile manual along the C one

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.h, src/libopts/autoopts/options.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/intprops.h, src/libopts/m4/libopts.m4,
	src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
	src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
	src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
	src/libopts/version.c: updated to libopts 5.18.4

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: place all rusage variables into
	HAVE_GETRUSAGE block

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
	RUSAGE_SELF

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: removed last remnants of
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
	file

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: forbid heartbeat messages during a handshake

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	added internal variable to track handshake status

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: avoid shadowing a global variable

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-is-known.c: tests: updated time in
	pkcs11-is-known

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
	fatal

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
	tests/test-chains.h: tests: allow running specific chainverify tests
	on fixed dates

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_check_valid_key_id: corrected
	activation/expiration check

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
	simplified and optimized loop

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi: mention nettle as the recommended crypto
	backend

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
	check to ensure that trust list combination with extra certificates
	works

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when both a trust module and additional
	CAs are present account the latter as well That solves an issue in openconnect which used the system trust
	module, plus additional certificates.

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
	handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
	given

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: print the status of safe renegotiation and
	extended master secret

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509.c, tests/resume.c: tests: check whether the
	extended master secret is negotiated by default

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/Makefile.am, lib/ext/ext_master_secret.c,
	lib/ext/ext_master_secret.h, lib/gnutls_constate.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
	for the extended master secret calculation That is performed implicitly unless GNUTLS_NO_EXTENSIONS is
	specified.  The implementation follows
	draft-ietf-tls-session-hash-02.

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected assignment

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: corrected the name of exported function

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check
	for gnutls_record_discard_queued()

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_discard_queued() That function allows to discard queued data in DTLS.

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: corrected test for v1 cert signing
	(removed bogus authorityIdentifier)

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: only set the authority key identifier,
	if there is a corresponding subject key identifier

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: do not shortcut checks when
	GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
	check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA
	iteration Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high.c: Also iterate over the CA certificates in a
	PKCS11 token Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
	are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
	theold URL would be leaked. It is documented that only one URL can
	be used, so it should be safe to reject any attempt to add another
	one.  Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
	no CKA_ID can be relied on fallback on checking the
	SubjectKeyIdentifier Patch by David Woodhouse.

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
	verification functions

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: removed unused definition

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
	verification functions

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-is-known.c: tests: corrected check with
	gnutls_x509_trust_list_get_issuer

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: corrected remove_pkcs11_url()

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
	check gnutls_pkcs11_crt_is_known() when multiple same DNs are
	present

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: when checking for presence do not give up on
	the first mismatch

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: doc update: clarifications in
	gnutls_x509_trust_list_add_trust_file

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: corrected compilation for non-pkcs11;
	reported by David Woodhouse.

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: avoid calls in gnutls_init()

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c: the handshake function has a timeout value by
	default

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/session_ticket.c: use wait and retransmit when receiving
	session tickets

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
	to dtls-stress That allows it to replay messages in a kind of arbitrary way.

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: report the FIPS140-2 mode

2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
	check for GNUTLS_TL_GET_COPY

2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
	lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
	flag and documented the limitations of
	gnutls_x509_trust_list_get_issuer()

2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
	actual function prototypes

2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news entry

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex.

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Add NEWS entry for Guile changes.

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings
	are part of GnuTLS.

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails,
	return GNUTLS_E_UNEXPECTED_PACKET That is more precise than the current
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: use __hidden in solaris to
	provide the hidden visibility attribute

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.h: no need to define
	_gnutls_x86_cpuid_s

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c, lib/nettle/cipher.c: use
	MAX_CIPHER_BLOCK_SIZE more consistently

2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
	GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
	allow duplicate entries

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c, src/tpmtool.c: more compiler warning fixes

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: enabled more warnings

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_dtls.h,
	lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c,
	lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c,
	src/certtool.c, src/cli.c: fixed compilation warnings

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
	d->d_type

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected type

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: don't both with checks for padlock in
	non-x86

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map,
	symbols.last: updated auto-generated files

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run
	abi-compliance-checker prior to release

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: indented symbols

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
	infinite loop on handshake

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: removed unused error values

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h: 
	restrict the number of non-fatal errors gnutls_handshake() can
	return

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
	splitting the errors to two tables

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
	tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in
	prototypes

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: enable gcc warnings by default

2014-09-23  Armin Burgmeier <armin@arbur.net>

	* tests/openpgp-auth.c, tests/x509cert.c: Check the credentials
	getter functions as part of the unit tests

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: Add an interface to iterate the trusted CA
	certificates in a trust list Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
	lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys
	and certificates Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Add functions to obtain X.509 keys and
	certificates from certificate credentials Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Add functions to export X.509 and OpenPGP private
	keys from the abstract type Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map: 
	Add a function to obtain the trust list of a
	gnutls_certificate_credentials_t Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed
	gnutls_pcert_get_type()

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: only enable crywrap if libidn is present

2014-09-22  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Restore cross-reference in
	'set-session-priorities!' docstring.  This had been destroyed in 32d90395.

2014-09-22  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
	guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
	bindings for 'gnutls_server_name_set'.  This adds the 'set-session-server-name!' procedure and the
	'server-name-type' enum type.

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/certs/create-chain.sh,
	tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added
	checks for key purpose verification

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	Verify key purpose on intermediate certificate if
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified That introduces the verification flag
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification
	result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
	verification test must be explicitly enabled is because it is only
	defined in CA Forum's Baseline requirements 1.1.9 but not any IETF
	document.

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: updated the extended key usage
	documentation

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: added missing prototype

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced
	gnutls_privkey_import_ext3() That function allows copying an external specified private key, as
	well as allow variability on the capabilities of an external key.

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: when printing a certificate request also print
	its signature algorithm

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c: 
	added gnutls_x509_crq_get_signature_algorithm()

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h: Added missing prototype

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy()

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Add gnutls_certificate_get_verify_flags Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP
	certificate from a gnutls_pcert_t Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high.c: Memory leak fix on certificate copy
	failure Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: do not require the CA to be a direct CA

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
	test suite to pass more of the PKCS #11 API under valgrind

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
	option

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: corrected pin entry

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: cleaned up memory deallocation in
	read_cert_url() That caused unexpected results when loading PKCS #11 URLs.  Reported
	by Joseph Peruski.

2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg: updated certtool.cfg

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is
	cancelled out while we parse it, would result to a good signature.

2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: require explicit disabling of PKCS #11 in configure

2014-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: Added Armin's DCO

2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify.c: updated details on
	certificate verification

2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: depend on p11-kit 0.20.7

2014-09-16  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify.c, tests/test-chains.h: Check for all error
	conditions when verifying a certificate This allows to check for all possible flaws with a certificate chain
	with a single call to gnutls_x509_crt_list_verify and friends.  Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: removed unneeded set of status

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11
	force the verification of the chain That allows obtaining any additional flags from the chain such as
	insecure algorithms or expirations.

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/psk.c: psktool: corrected resource leak on failure

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: added sanity check on cleanup

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: removed unused variable

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: corrected typo in printing error

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse.

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
	module verification

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: 
	unified the key purpose checks functions

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
	same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
	will overwrite any previous one with the same name and key.

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: hostname and key purpose checks were moved
	above CRL checks

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c, lib/x509/x509_ext.c: doc update

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()

2014-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: tests: use the PID number in RPORT The shell's RANDOM isn't that random.

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated libtasn1

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented the environment variables

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
	pkcs11x.h when it doesn't exist

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
	check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
	invalid status Reported by Armin Burgmeier.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
	set the invalid status" This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
	invalid status Reported by Armin Burgmeier.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: doc update

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11x.c: added missing file

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: print Attached Extensions, instead of
	extensions

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when adding a duplicate certificate, keep
	the last entry

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h,
	lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added
	gnutls_pkcs11_copy_attached_extension()

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
	hardcode the chain number, use its name

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert
	"corrected planned version number" This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	src/pkcs11.c: fixes in the extension handling

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: will print trust module extensions if
	present

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	check the key purpose of the CA certificate when in pkcs11 cert
	validation

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
	lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
	in a trust module using
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
	lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
	and prefixed s/get_extension with _gnutls

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: doc update

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected
	planned version number

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par
	with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for
	flexibility.

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: doc update

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
	gnutls_x509_crq_get_extension_by_oid2()

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: Added
	gnutls_x509_trust_list_verify_purpose_crt()

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tpmtool.c: tpmtool: corrected key password read

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool.c: set umask prior to calling mkstemp

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: initialize verification output to zero

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: dtls: when discarding packet, discard the
	correct number of bytes

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/hostname-verify.c: check_ip: initialize ret

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
	null to prevent any issue

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
	callback

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: corrected issue in fips RNG

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: added comment to clarify check

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/literal.c: opencdk: corrected unsigned comparison

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: fixes in loop for SRK password input

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: apps: corrected GNUTLS_PIN reading

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
	corrected CRL loading error

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: corrected copy+paste error

2014-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
	tests: simply valgrind suppressions for libidn

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
	tests/scripts/common.sh, tests/suite/testcompat-main,
	tests/suite/testpkcs11, tests/suite/testsrn: use random ports in
	tests, unless a port is provided

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: corrected usage of readdir_r()

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: better error message

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: reentrant fixes for
	gnutls_x509_trust_list_add_trust_dir() handle unknown file types

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: optimized escaped comma handling

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix.

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/crq_apis.c: tests: extended crq API checks

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: doc update

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
	escaped commas

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: simplified _gnutls_x509_get_signed_data()

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/x509.c: The get_raw_dn() functions were modified to work
	even if the certificate is generated (not imported)

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
	which have data.  Reported by Manuel Pégourié-Gonnard.

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the
	behavior of a DTLS server in a low-mtu scenario.  http://permalink.gmane.org/gmane.network.gnutls.general/3582

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
	implementation

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
	Lee

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
	libtasn1

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: Added tests on the invalid OCSP response

2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: check the integrity of GMP

2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify.c: when comparing an
	end-certificate with the trusted list compare the entire certificate

2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-chains.h: tests: Added test for amazon.com chain with
	new verisign CA.

2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
	certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a
	different one with the same name and the same key. That can happen
	when an intermediate CA certificate is replaced by a self-signed
	one.

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
	rounds One round is before the AES acceleration is registered, and the
	second is after. That is to allow testing of the AES implementation
	used in the DRBG. That is a hack until nettle handles all cipher
	acceleration.

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: do not check CN
	when a DNSname is available

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h: 
	drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions.

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: fips140: fail on encryption test failure

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
	put the library into error state

2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex: 
	small doc updates

2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
	fixes in sectioning for p11tool and tpmtool invocation

2014-08-29  Tristan Matthews <le.businessman@gmail.com>

	* lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: allow printing multiple types of tokens

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/hostname-verify.c: remove text not applicable in that
	version

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/hostname-verify.c: refer to rfc6125

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: additional sanity check in RSA key generation
	testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to
	prevent any issues with an accidental null encryption.

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
	error state if key generation fails

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
	allocations and keep a pointer to the DER data for DN

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
	importing a CRL keep the DER data

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
	importing a certificate, keep the DER data

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/session_ticket.c: doc update

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, configure.ac, devel/openssl,
	lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c: 
	added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support
	for padlock.

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated
	asm sources" This reverts commit 97895066e18abc5689ede9af1a463539ea783e90.

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: when listing tokens, list their type as
	well

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
	sources

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
	data in a single pass

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/suppressions.valgrind: tests: added more idna valgrind
	suppressions

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
	objects at a time That improves the performance significantly when reading from tokens
	with a significant number of objects. Reported by David Woodhouse.

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
	object cannot be imported

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: allow objects without label or without ID

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: updated name constraints checks to not
	include a CN

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/name-constraints-err.pem,
	tests/cert-tests/name-constraints-err.pem.out,
	tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints
	test based on the CN bypass" The bypass check was included in
	chainverify.  This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a.

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, lib/x509/x509.c: doc update

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: only check name constraints in non-CA
	certificates

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: ignore constraints for different type
	than the checked

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/name-constraints-err.pem,
	tests/cert-tests/name-constraints-err.pem.out,
	tests/cert-tests/verify-test: tests: Added a nameconstraints test
	based on the CN bypass That was discussed in:
	http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: when verifying name constrains
	enforce the single CN rule

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: compile gnutls without p11-kit by default

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: do not delete the pkgconfig directory

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: Added Alon's DCO link

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/autoopts.h: check for stdnoreturn.h presence

2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
	support separate builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>

	* lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: record: tolerate a finished packet with
	errors in DTLS

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: record: in DTLS discard only messages that
	cause unexpected packet errors

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind: tests: suppress more libidn
	warnings

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: danetool: ensure the temporary file is always
	removed

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the
	server_name extension will convert input and output names to IDNA.

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to
	convert internationalized hostnames

2014-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c,
	lib/x509/output.c: hostname-verify: use idn_free()

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c: doc update

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
	parameter generation only when FIPS-mode is enabled.

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
	qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
	generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.

2014-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: use the windows API in windows even if iconv is
	available

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: win32: updated Makefile and added the ability build
	openconnect

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for the correct version of libidn

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: tests: Added case sensitive checks in
	hostname verification

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/suppressions.valgrind: tests: copied valgrind
	suppressions to suite

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated libtasn1

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suppressions.valgrind: tests: suppress valgrind warnings due
	to libidn

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/gnutls-idna.h,
	lib/x509/hostname-verify.c, lib/x509/output.c: 
	gnutls_x509_crt_print() will print the IDNA A-label names as well.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: added UTF-8 hostname comparison
	checks

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added
	support for RFC6125 hostname comparison That adds the dependency on libidn.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/hostname-verify.c,
	lib/x509/rfc2818_hostname.c: renamed rfc2818_hostname to
	hostname-verify The file no longer follows RFC2818.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated minitasn1

2014-08-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
	structures on re-import to avoid memory leaks.  That also adds the gnutls_pkcs7_t structure into the list of allowed
	to re-import.

2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h: 
	Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the
	previous import failed.

2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
	command line option That option will report the status of the FIPS140-2 mode in the
	library.

2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
	used to force the FIPS-140-2 mode

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
	single CN must be present for hostname verification.  Follow up on the original commit that simplifies checking for more
	than a single hostname.

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c: 
	gnutls-cli/danetool: added a common check for hostname being an IP

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
	rfc6125 requirement that a single CN must be present for hostname
	verification.

2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: tests: check that
	gnutls_x509_crt_check_hostname() will correctly use the last CN when
	multiple

2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: when checking the hostname of a
	certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
	Woodhouse.  https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: more organized printing of
	cipher benchmark output

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
	benchmarked ciphers

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: bumped current and age version to allow 3.3.x
	releases with new symbols

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a
	block size of 64-bytes

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map: 
	mac_to_entry -> _gnutls_mac_to_entry

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: pkcs12: added check for null OID in
	gnutls_pkcs12_generate_mac2

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2()

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2() That allows a choice on the MAC algorithm to be used.

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: --p12-info will provide information on
	the MAC algorithm

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain
	information on the MAC

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
	keys tests for new internal API

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: 
	tests: test the decoding of a PKCS #12 structure with SHA256 MAC

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
	verification with structures that support other than HMAC-SHA1 MACs.

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested
	in nettle

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: re-enabled DANE checks and added
	checks on SMTP

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: danetool: obtain certificate only once

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
	modified prototype and doc to be recognized by doc parser

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def, src/danetool-args.def, src/socket.c: 
	danetool/gnutls-cli-debug: added support for imap starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
	supports SMTP starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: 
	danetool: supports SMTP starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
	improvements in information presentation

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: libdane: disable debugging mode

2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: updated documentation for
	gnutls_handshake()

2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/danetool.c,
	src/ocsptool-common.c, src/socket.c, src/socket.h,
	tests/suite/testdane: danetool: if the certificate to verify against
	is not provide it try to obtain it

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal
	implementation, use nettle's

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
	crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: corrected typo

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added --info parameter That allows obtaining information on a specific object.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
	GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL.  That
	is, this performs an object URL comparison, rather than a token URL
	usage.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: only print the debugging message in
	debuglevel > 4

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
	GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP

2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: removed reference to UMAC

2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: removed references to SALSA20

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: doc update

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid
	wrong deletions

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
	gnutls_pkcs11_obj_flags_get_str

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c: 
	tests: ensure that no environment variables confuse softhsm

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags
	being set

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c: 
	pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
	and gnutls_pkcs11_flags_get_str() allows printing them.

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
	gnutls_pkcs11_obj_flags

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: exit if
	export_pubkey_of_privkey fails

2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: simplify the passing of flags and pass the key wrapping
	flag

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: README: removed gmplib 4.2.2 reference

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
	updated

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
	gnutls_pkcs11_privkey_get_pubkey; named
	gnutls_pkcs11_privkey_export_pubkey

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
	GNUTLS_E_INVALID_REQUEST on invalid params

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: activate the --batch option

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: Test the export of public key

2014-08-06  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
	subsystem There are cases where we need to export the public key of private
	key at a later time. Previously, the public key was only available
	immediately after creation of a key pair. This patch allows to
	retrieve the public key of a private key at any time after creation.  Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: documented flags format

2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
	compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
	CAMELLIA to the list of default ciphers

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: mention profile in security parameters
	table

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/DCO/people-dco.txt: Added people who have sent a DCO for
	gnutls

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null
	password

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: free unused variables

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/suppressions.valgrind: added missing file

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: print more information on PKCS #12
	structures.  use gnutls_pkcs12_bag_enc_info to print more information on
	encrypted PKCS #12 structures.

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509_int.h: added new function to obtain information on a
	PKCS #12 encrypted bag New function: gnutls_pkcs12_bag_enc_info()

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: doc update

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: default pkcs-cipher is now 3des as in
	PKCS #12

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c,
	src/certtool.c: gnutls_pkcs8_info: will return OID value even on
	unsupported structures

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
	non-zero

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/certtool-args.def: doc update

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize
	parameters on decryption

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: further increase iteration count

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c, tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/openssl-3des.p8.txt,
	tests/pkcs8-decode/openssl-aes128.p8.txt,
	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
	certtool: improved PKCS #8 information printing

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/openssl-3des.p8,
	tests/pkcs8-decode/openssl-3des.p8.txt,
	tests/pkcs8-decode/openssl-aes128.p8,
	tests/pkcs8-decode/openssl-aes128.p8.txt,
	tests/pkcs8-decode/openssl-aes256.p8,
	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
	tests: added more PKCS #8 decoding tests

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and
	optimizations in PKCS #8 information

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: added --p8-info
	option

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions
	to obtain information on PKCS #8 structures.  Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and
	gnutls_pkcs_schema_get_oid().

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption
	support was made more compact and manageable

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: pkcs12: increased the number of iterations for
	MAC

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.c: removed debugging info

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h,
	lib/x509/verify-high2.c: several windows compilation fixes

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to
	export other than function symbols

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/windows-config.h, src/libopts/configfile.c,
	src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
	src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
	src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
	src/libopts/load.c, src/libopts/m4/libopts.m4,
	src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
	src/libopts/nested.c, src/libopts/numeric.c,
	src/libopts/option-value-type.c, src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/time.c,
	src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: 
	updated to libopts 5.18.3

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/gendocs.sh,
	doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
	gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
	gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
	src/gl/select.c, src/gl/xalloc.h: updated gnulib

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: updated documentation for
	gnutls_pkcs12_simple_parse

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: master now holds the 3.4.0 release

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h,
	lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
	lib/pkcs11.c: Use pthread_atfork() and variants to detect fork

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
	lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
	inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
	the library.

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: Added text on PKCS #11 verification

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
	applications that use a header of gnutls. Report and patch Ryan
	Schmidt.

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, doc/Makefile.am: check for sed in
	configure.ac and use the output variable in Makefiles

2014-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
	to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
	functionality is present.

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: doc update

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: added libdane/includes to includes dir

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.3.6

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
	missing functions

2014-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped library version

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: simplified initialization of variables.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: bogus and secure values are always
	initialized in dane_query_to_raw_tlsa

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dane.c: tests: eliminated leak from dane check

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: use gnutls_malloc() and doc update

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dane.c: Added self test for DANE raw
	functions

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool-args.def, src/danetool.c: danetool: added option to
	print the raw entries.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: doc update

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
	IV set.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
	_gnutls_prf_raw() which can calculate the TLS PRF without depending
	on a session structure.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140-2: do not check the libtasn1's integrity

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
	allowed in TLS 1.0.  That is because they implement the EncryptedPreMasterSecret encoding
	according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
	and there can be ambiguities when using that over SSL 3.0.  See:
	http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
	any action That allows a valid err_pos, even on a memory allocation error.
	Reported by Dan Fandrich.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: updated TODO

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
	1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
	usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
	returned on reinitialization

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c: 
	tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
	lib/x509/verify-high2.c: Added
	gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
	with trusted certificates.

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/system.c: Allow specifying a directory as trust
	store

2014-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-10  Simon Arlott <sa.me.uk>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
	dane_raw_tlsa() to make it easy to copy the results of the
	(synchronous) lookup query from one process to another.  This code allocates an unnecessary extra NULL entry for
	dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
	is 0 (it is possible for malloc/calloc to return NULL when requested
	to allocate 0 bytes).  Signed-off-by: Simon Arlott

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: FIPS140-2 tests: no need for MD5 check

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple
	(and time-consuming) tests.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Allow specifying
	GNUTLS_CPUID_OVERRIDE in either hex or decimal.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Added option to disable any cpu
	optimizations

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c,
	lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
	registers

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Allow overriding the detected
	CPUID using the GNUTLS_CPUID_OVERRIDE environment variable

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
	check for RSA encryption

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
	and DSA-3072 bit keys, as well as SHA256.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
	and RSA-3072 bit keys

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: tests: check RSA with SHA256

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
	encrypted data differ from plaintext

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
	size required by SP800-38D (section 8.2)

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
	src/p11tool.c: p11tool/certtool: Added --curve parameter.  The curve parameter allows to explicitly specify the curve to use
	when generating a key.

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
	CKA_EC_PARAMS when generating an ECDSA key

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: only print warning about key sizes in RSA
	keys

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: make brief output more brief

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
	of memset()

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: Skip DANE entries that may contain unknown
	info That would allow skipping any future entries without failing.
	Reported by Simon Arlott.

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain.  Reported by
	Simon Arlott.

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c: examples: mention that
	gnutls_global_init() is optional

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: mention and link to trust storage module

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-tokens.texi: doc update

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
	a sanity check for valid keys.  There can be keys where the id or label is empty and thus with zero
	length.

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Increased number of attributes

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: try to restart on session errors, to avoid
	having a failed call.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: corrected pkcs11 reinitialization

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
	invalidate the cached session.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: set the maximum value when printing
	library_description

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
	#11 privkey cached session

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
	and private objects, and there is no one-size fits all policy. Thus
	allow a proper failure and warn the user that so-login may be
	required.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: Try to write the trusted
	object both by so-pin and normal pin

2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
	deleted after generation

2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
	GNUTLS_SO_PIN when setting the PINs of an initialized token.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/gendh.c: tests: gendh: increased the DH prime size to
	allow usage under FIPS140-2 mode

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: when in batch mode and no PIN, print a note
	about using the environment variables

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
	size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: tests: improved error reporting in crq_key_id

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: properly terminate table

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
	from the acceptable bit sizes in FIPS140-2 DSA parameter generation.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c, src/common.c, src/common.h, src/danetool.c,
	src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
	mode and will not ask for PIN.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
	specified.  Added --batch parameter to disable interaction.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
	only a single token available, don't bother complaining about
	specifying the correct URL

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.h: updated comment

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: document that URLs are supported

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/testpkcs11,
	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
	tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	gnutls_pkcs11_privkey_generate2(): corrected public key extraction
	(for ECDSA keys)

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
	security officer's PIN

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process.

2014-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
	and IPv6 address matching.

2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE

2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
	3.2.x

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
	doesn't fit into our buffer.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
	as a hostname There are several misconfigured servers that placed their IP as a
	DNS name. Pointed out by David Woodhouse.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: supress warnings

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
	instead for AF_INET6

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
	addresses.  The old dumb code is used in systems that don't have that function.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: Added test cases for IPv4/6
	matching.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
	checks text ip addresses as well.  That aligns the documentation with the implementation. Reported by
	David Woodhouse.

2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: initialize str to NULL

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c: fixed documentation

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/aki, tests/cert-tests/pathlen,
	tests/cert-tests/pem-decoding, tests/suite/crl-test,
	tests/suite/invalid-cert, tests/suite/testcompat-main,
	tests/suite/testrandom: tests: better replacement of LIBTOOL
	variable in scripts

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: ship certs/

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
	symbols

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: gnutls-serv: removed the
	--print-cert option; the cert was anyway being printed.

2014-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: corrected typo

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c: minitasn1: updated to version 4.0

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: updated documentation

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: Warn when no --outfile has been specified
	on key generation

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
	structure generation and decoding.

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: certtool: allow specifying
	the friendly name on the command line and use the
	load-ca-certificate

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: warn in more operations if --login is not
	specified

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: No longer assume a default URL for
	operations.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: p11tool: Do not allow a newline as PIN.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: avoid callig _gnutls_bin2hex() when length
	is zero.

2014-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* THANKS: updated thanks file

2014-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: clarified license text

2014-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: Do not try to load the system CA trust if
	--insecure is specified.

2014-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_srp.c: doc: more consistent use of pointer star.

2014-06-16  Attila Molnar <attilamolnar@hush.com>

	* lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
	for the SRP server callback Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-06-16  Attila Molnar <attilamolnar@hush.com>

	* doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
	Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates
	in both the SRP and the X.509 server example Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
	introduced to avoid exporting a structure on the API.  That change will allow exporting more info associated with a packet
	in the future.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
	the same on resumed sessions.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-chainverify.c: Test the return code of
	gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
	token.  Check whether the return code of
	gnutls_x509_trust_list_add_trust_file() is non-zero when
	certificates are present.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
	returns the number of certificates present when loading a PKCS #11
	URL.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: Allow marking a certificate as a CA.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
	GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.  That flag allows to mark a certificate in the token as a CA
	(category==CA)

2014-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: coding style: update the DCO text

2014-06-15  Attila Molnar <attilamolnar@hush.com>

	* lib/gnutls_state.c: doc: Corrections for
	gnutls_handshake_set_hook_function()

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: updated text for the ALPN
	experimental protocols

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
	are duplicated in the section index.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/eagain-common.h,
	tests/mini-x509-callbacks-intr.c: tests: Added check for the
	interrupted post client hello.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_v2_compat.c: handshake: Allow the post client hello
	callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or
	GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
	and can be resumed when needed.

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: use the new API for receiving data

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c: Adapted test to check
	gnutls_record_recv_packet().

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(),
	i.e., a variant that eliminates the data memcpy().

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: Use proper HTTP request

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: When decoding of a DN string fails, treat it as
	unknown string and print its hex value.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: Print errors but avoid being verbose on
	stderr

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: avoid sizeof() on lbuffer

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: ensure that allocated buffer has
	a minimum size of 64kb.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: Added option
	--stdout-info

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: initialize iterator.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c: corrected the allocation size for CRL iterator.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/crl-test,
	tests/suite/crl/long.pem: Added test for CRL decoding.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
	thread-safe by making the iterator explicit.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/suite/Makefile.am, tests/suite/invalid-cert,
	tests/suite/testcompat-main, tests/suite/testrandom: Pass the
	LIBTOOL variable into test scripts That allows using the detected libtool in scripts.  That corrects an
	issue on OS X systems that ship a different libtool. Reported by
	Daniel E. Macks.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
	gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.

2014-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
	gnutls_x509_crl_get_crt_serial2(), a faster variant of
	gnutls_x509_crl_get_crt_serial().  The new function caches pointers to allow working faster in CRL
	structures with lots of entries (e.g., 50000+ entries).

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
	src/danetool.c: certtool: When an external file is used increase out
	maximum buffer accordingly.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Abort printing on error.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: tie the weak DH warning to the very weak security
	parameter.

2014-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values.  That should resolve issue #108592 at
	http://savannah.gnu.org/support/?108592

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
	SSLv2 hello length.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
	sources

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated windows makefile

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
	files for gnutls_credentials_get()

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/long-session-id.c: Added test for memory
	corruption issue in server hello.  Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/gstr.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h: updated libtasn1

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: avoid cleanup when there are no allocations in
	_gnutls_x509_der_encode().

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ecc.c: cleanup resources on
	_gnutls_ecc_ansi_x963_export() failure.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: Added the --print-cert option to
	gnutls-serv.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-extras.c: certtool: correct size calculation when
	loading privkey

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: re-indented messy table.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: Removed unused function.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: document the symbol version bump needed in a .so
	version bump.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Prevent memory corruption due to server
	hello parsing.  Issue discovered by Joonas Kuorilehto of Codenomicon.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: only try to copy session ID if there is a
	session ID.

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-29  Kurt Roeckx <kurt@roeckx.be>

	* lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: increased the maximum certificate size buffer in the
	PKCS #11 subsystem.

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: re-enabled config path discovery code, and check the
	return code of getpwuid_r().  Reported by Viktor Dukhovni.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
	src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more.  It could not be emulated with the new library.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/accelerated.c: removed old check for nettle

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/safe-memset.c: safe_memset: allow memset of zero bytes.

2014-05-27  Hani Benhabiles <kroosec@gmail.com>

	* lib/x509/verify-high.c: Fix unused variable warning without
	PKCS#11 support.  Signed-off-by: Hani Benhabiles <hani@linux.com>

2014-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: Include path in ocsp request.  This resolves #108582 (https://savannah.gnu.org/support/?108582),
	reported by Matt McCutchen.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/protocols.c, lib/gnutls_handshake.c: 
	_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
	instead of negative.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: Allow wildcard comparison of options.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: Warn when invalid configuration
	options are set into a template.

2014-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Do not allow null strings to be read from ASN.1
	structures.  This corrects a null pointer dereference when parsing some specially
	crafted certificates. Issue discovered using the Codenomicon TLS
	test suite.

2014-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: removed redundant null termination

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
	prefix from static functions.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
	times when performing ticket resumption.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
	zero if data is NULL and memory buffer size is not sufficient.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
	When assigning the TLS version, double check that it is valid.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
	there is a valid negotiated version.  Issue discovered by Joonas Kuorilehto of Codenomicon.

2014-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Added aliases for unit and organization.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: use a signed value for bits.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: allow multiple organizations and
	organizational unit names to be specified in a template.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: increased the number of allowed elements in
	a priority string.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: simplify break_comma_list().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
	internal _gnutls_x509_get_signature().  That prevents unnecessary replication of its code.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/x509.c: more sanity checks on
	signature size

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def: 
	tools: Replace normal sec-param with medium in documentation.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
	print the bug reports line from autogen.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
	lib/safe-memset.c: do not yet export gnutls_memset().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-05-15  Michał Górny <mgorny@gentoo.org>

	* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
	out-of-source builds.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-05-15  Michał Górny <mgorny@gentoo.org>

	* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
	out-of-source builds.  The set_pkcs12_cred used to default to looking for input files in a
	subdirectory of the current working directory. When an out-of-source
	build is performed, the files reside in a subdirectory of source
	directory instead. Set PKCS12PATH to that directory in order to fix
	the build.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa: changed port of DSA test

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
	correct signature size rather than the max.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: Print the openpgp DN only when
	gnutls_openpgp_crt_get_name() failed appropriately.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: initialize string in
	gnutls_x509_ext_import_basic_constraints().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected error checking in
	gnutls_x509_crt_get_extension_data()

2014-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: Allow null list_size argument in
	gnutls_certificate_get_peers()

2014-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: certificate verification is performed asynchronously.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool-args.def: enhanced the danetool usage instructions.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: Do not use autogen's file option for input
	parameters.  Instead use a string. We check the file for validity and autogen's
	check was imposing rules such as normal file (as opposed to a
	device), that were not needed.

2014-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: check for null prior to checking
	for empty passwd

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
	parameters.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: Eliminated memory leak on failed curve
	assignment.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
	only check the end certificate.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
	gnutls_set_default_priority() in examples.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
	allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
	prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
	prototypes for dane_verify_crt_raw2().

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
	lib/safe-memset.c: export gnutls_memset().

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: Added dane_verify_crt_raw2() which allows
	verifying against the certificate name.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: Improved dane_verify_session_crt(), which now
	attempts to create a full chain.  This addresses points from
	https://savannah.gnu.org/support/index.php?108552

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
	lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
	lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c: removed legacy code.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_credentials_get().

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: Added gnutls-serv option
	--verify-client-cert.  That option allows forcing verification of the provided certificate
	even if it is not required to present one. In that case the
	connection will be closed with a fatal alert.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c: Addressed memory leak in status request
	extension handling during rehandshake.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
	DHE and ECDHE rehandshakes.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross compilation Makefile.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
	renegotiation extension handling.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c: 
	Small cleanups in packet receive as well as a memory leak error.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated documentation on library
	initialization to reflex the changes in 3.3.0.

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.c: re-enabled gnutls_global_set_mutex().

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Do not run autogen twice to generate the header
	files.

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: Ship suppressions.valgrind

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/gnutls_int.h: Ensure that there is no
	remainders in the TLS handshake packets.  The issue was discovered using the codenomicon TLS suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srp.c: Account the length byte in SRP extension.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: Do not set "NORMAL" as default priority string.  That is, allow the library to select the appropriate default.

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: fixed typo

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
	lib/includes/gnutls/x509.h, lib/priority_options.gperf,
	lib/x509/verify.c: Added the 'very weak' certificate verification
	profile.  This profile corresponds to a 64-bit security level (e.g., RSA
	parameters of 768 bits).

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/cert-ecc.pem,
	doc/credentials/x509/clicert-ecdsa.pem,
	doc/credentials/x509/clikey-ecdsa.pem,
	doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
	secp256r1

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
	generate 256-bit keys by default.  Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
	not widely supported.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/clicert-ecdsa.pem,
	doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c: Corrected an off-by-one error.  The issue was discovered using the codenomicon TLS suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srp.c: initialize to null the SRP extension data on
	allocation.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testrng: Modified the testrng for Debian's dieharder.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/sign.c: Better check for null signature method.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c: 
	More precise packet length checking.  Issue discovered using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c: Eliminated password file descriptor leak.  Issue discovered using codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Added a timeout to close inactive sessions.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Send the appropriate alert when a certificate is
	required but not present.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: use __sun definition to detect solaris.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Cleaned up server process.  This eliminates an infinate loop triggered by unexpected client
	disconnections.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: Added support for constructors and
	destructors in solaris CC.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrng: Updated dieharder tests.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: doc update

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/cipher-test.c: include header for self-test functions

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrng: Allow testrng test to run with older versions
	of dieharder.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
	casting to mpz_t using __mpz_struct and cleaned up mpz_t access.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
	casting to mpz_t using __mpz_struct.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c: updated included libtasn1.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Do not return from void functions. Reported by
	dev [at] cor0.com.

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: removed return from void function.

2014-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/rng.c, tests/suite/testrng: updated prng test

2014-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
	tests/suite/testrng: Test the random generators in gnutls using the
	dieharder tool.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: use different db file for
	pkcs11-get-issuer.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
	test to verify whether gnutls_x509_trust_list_get_issuer() operates
	correctly under PKCS #11 trust list.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/verify-high.c: 
	gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
	#11 trust list.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: initialize the size value

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c: 
	Include the correct header for the self tests functions

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/safe_renegotiation.c: removed redundant code. Reported by
	David Binderman.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: increased MAX_DATA_ENTRIES to 100.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: rearranged code

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: only fail DANE verification if status is non-zero

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
	certificate using DANE if there is at least one entry that matches
	the certificate.  This corrects the previous behavior that was rejecting the
	certificate if there were multiple entries and one couldn't be
	validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
	DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
	if the call to gnutls_global_init() failed.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
	initialization of random generator. Reported by Martin Kletzander.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd.c: Revert "Avoid dual initialization of random
	generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c,
	lib/accelerated/x86/x86-common.c, lib/accelerated/x86/x86-common.h,
	lib/accelerated/x86/x86.h: x86.h was renamed to x86-common.h to
	avoid clashes with system headers.

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Avoid dual initialization of random generator.
	Reported by Martin Kletzander.

2014-04-19  Kurt Roeckx <kurt@roeckx.be>

	* lib/fips.c: Test for the existance of the /etc/system-fips file We don't read it, the existance of the file is enough to say in what
	mode we are.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-19  Kurt Roeckx <kurt@roeckx.be>

	* lib/fips.c: Add _gnutls_fips_mode_enabled() return values.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-19  Andreas Metzler <ametzler@bebt.de>

	* lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
	suggestion by Shawn (sth0r2046 [at] gmail.com).

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
	(sth0r2046 [at] gmail.com).

2014-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Allow exporting a CRL in DER format.

2014-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, THANKS: cleaned up authors and thanks file.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/invalid-cert,
	tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
	tests/suite/testrandom: More script tests run under valgrind

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Treat othername as printable (i.e., null
	terminate it), as the XMPP printing code assumes that.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: cleanups in output

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/src/core.c: do not override gnutls' allocation functions That was not being done using the API, and overriding them is no
	longer possible in 3.3.x.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: relased 3.3.1

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: changed port to allow parallelization

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
	longer part of the API (though it remains in the ABI).

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
	gnutls_secure_malloc() to avoid breaking ABI.  gnutls_secure_calloc() is no longer exported as it was never in any
	public header.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: removed file from Makefile that doesn't exist

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli will no longer allow the session to proceed
	if DANE verification fails.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
	tests/cert-tests/xmpp-othername.pem: Added test certificate with
	multiple XMPP othername SAN fields.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
	lib/x509/x509.c: Corrected decoding of XMPP SAN othername.  This also corrects the semantics of the get_*_othername_oid()
	functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: always initialize size values

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: copy_string() and copy_data() are more
	resilient on null input

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: increased server startup wait time.  That is because we now check for key/certificate match via a
	sign/verify request that may take longer in some systems. Based on
	patch by Andreas Metzler.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get().  That caused a null pointer dereference when extracting names from a
	certificate that contained an OtherName. Reported and investigated
	by Kirill A. Shutemov.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
	the already unused secure alloc functions.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/safe-memset.c: Use a harder to optimize out memset().

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fix typo

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pskself.c: include hint into psk test.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_psk.c: eliminated the leak of hint when deallocating
	the credentials.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
	replacing of auth info based on the provided credentials type.  This avoids issues with discrepances in server and client mode.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
	lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
	lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: Both DANE and PKI verification are
	advisory when --tofu is being used.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: When checking for data to be received use
	the 'transport_recv_ptr' This affects cases where there is different send and recv pointers.
	Reported and investigated by JMRecio.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: documentation update.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Do not print certificates twice.  That will improve the visibility of messages of the various
	verification methods.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: Updated TOFU documentation. Suggested by Jens
	Lechtenboerger.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool.c: added newlines to p11tool error messages

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: corrected uninitialized value

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: removed conditionally exported functions.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/self-test.h: Added self check functions to
	self-test.h.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped versions

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
	tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
	issues in the future

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: increased the space available for
	certificates.  That avoids a crash in sparc64; reported by Andreas Metzler.

2014-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: doc update

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: use the same cflags for included programs as with
	library.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
	any input state.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
	lib/verify-tofu.c: several bug fixes due to coverity.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
	lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
	fixes due to coverity.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
	reported from coverity in opencdk.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: correctly check for message upper limit.

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
	only CRLs in gnutls_x509_trust_list_add_trust_file().

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: Added the PFS priority string.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected Peter's name!

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
	tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
	tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
	#8 files with ECC parameters from openssl.  These files do not contain the curve information with the private
	key (ECPrivateKey), but they rather contain it in the
	privateKeyAlgorithm.

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: More strict checking of heartbeat padding
	size boundaries.  This will let us enforce RFC6520 minimum size for padding. Suggest
	by Peter Williams; initially investigated by Frank Li.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.h: unconditionally zeroize temporal keys.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
	dependency

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
	the FIPS140-specific functions into the main documentation.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: Added missing file

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated documentation

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, symbols.last: updated exported symbols table.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
	lib/libgnutls.map: mark functions that are only available under
	FIPS140 mode

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files.

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: doc update

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match() This function now performs a sign/verify test to check whether the
	public and private keys match.

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: doc update

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: update gmplib location

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: removed double entry

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
	updates

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
	include this gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: do not build ecore when cross-compiling
	for windows.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4: Added bind gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4: Added connect gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/tests/Makefile.am, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c: Added getline() in gnulib.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: corrected configure test for pthread_mutex_lock

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/x509/x509.c: updated documentation

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/certs/create-chain.sh: updated test cert generator.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
	doc/examples/verify.c, lib/gnutls_cert.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
	src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
	tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
	the extendable gnutls_certificate_verify_peers().  That will allow adding new functionality to verification without the
	need to add new functions.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/examples/ex-client-x509.c, doc/examples/verify.c,
	lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
	verify in addition to hostname, the purpose of the end-certificate.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped version

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
	using gnutls_certificate_verify_peers3().

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: modify to conform to the documentated
	level.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated makefile

2014-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am: avoid checking or linking with
	libpthread in windows

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: Corrected check for softhsm shared object.

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Allow multiple spaces into priorities file.

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: 
	The "SYSTEM" initial keyword was replaced with the more generic
	"@KEYWORD" The @KEYWORD string will open the pre-configured system priority
	file and will expand the KEYWORD, to the priority string set in the
	file.  The file should have the following format:
	KEYWORD=PRIORITY_STRING

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: Use the IANA assigned padding extension number.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: skip the test if softhsm doesn't exist

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
	and config in tests to allow parallel runs.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: added softhsm dependency for testsuite

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
	tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
	softhsm That allows us running it in the normal test suite.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c, src/cli-args.def,
	src/cli.c, src/p11tool.c: Allow using the --provider parameter in
	gnutls-cli and certtool to specify a PKCS #11 module.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c: updated test to run in more
	systems.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: set the same flags in the second search

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore the softhsm test suite files.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: fixed bashisms

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/certs/create-chain.sh: depend on bash for the
	create-chain script

2014-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509.c: Enhanced test to check that the correct number
	of certificates is received

2014-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected check for sorted server certificate
	chain.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
	is specific to p11-kit trust modules.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
	the certificate verification tests in PKCS #11-based verification
	using softhsm.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Perform time check when removing a certificate
	in _gnutls_pkcs11_verify_crt_status() This brings the function in par with _gnutls_verify_crt_status().

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
	same certificate in the pkcs11 trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
	certificate, and the self-signed isn't in our pkcs11 trusted list,
	make sure that we search for the non-self-signed as well. This
	affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
	#11 trust module.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Allow manually loading a 'trusted' module.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
	libraries from the destructor.  If we do and the PKCS #11 modules are already being unloaded, we may
	crash.  If the deinitialization of the PKCS #11 subsystem is
	required then, gnutls_pkcs11_deinit() must be explicitly called.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
	test chains from chainverify program.

2014-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/key-id/Makefile.am,
	tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
	tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
	tests/key-id/key-ca.pem, tests/key-id/key-id,
	tests/key-id/key-user.pem, tests/key-tests/Makefile.am,
	tests/key-tests/README, tests/key-tests/ca-gnutls-keyid.pem,
	tests/key-tests/ca-no-keyid.pem,
	tests/key-tests/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
	tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
	tests/key-tests/key-ca.pem, tests/key-tests/key-id,
	tests/key-tests/key-user.pem, tests/key-tests/pkcs8: Added self-test
	for PKCS #8 key conversion and reading

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: the chainverify test ensures that there is no
	diverge between different verification functions.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: When verifying check for the same
	certificate in the trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
	certificate, and the self-signed isn't in our trusted list, make
	sure that we search for the non-self-signed in our list as well.
	This affects, gnutls_x509_trust_list_verify_crt() and makes its
	results identical to gnutls_x509_crt_list_verify().

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: mention test on smart card support

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: Added make check to the make process in README

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: changed the behavior in
	certtool's PKCS #8 key export with no password By default when no password is specified, an unencrypted key is
	output.  The previous behavior of encrypting using an empty password
	can be replicated using --empty-password.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: Updated documentation on null-password and
	password options of certtool.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrandom: Added test to check verification with
	randomly generated certificates.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Combined the code to set CRL next update with
	certificate expiration date.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: corrected typo

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: improved error message

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: When a CRL serial number is not specified, generate
	a time-based one.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-shared-key.texi: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
	lib/priority_options.gperf: Added priority string
	%DISABLE_WILDCARDS.  This will disable any wildcard matching when comparing hostnames in
	certificates.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Added verification flag to disable wildcard
	checking This adds the verification flag
	GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
	gnutls_x509_crt_check_hostname2(),
	gnutls_openpgp_crt_check_hostname2().

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
	tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/complex-cert.pem,
	tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
	SHA256 fingerprint output in certtool

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: doc update

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Print the SHA256 fingerprint of the certificate
	in addition to SHA1.

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: simplified
	gnutls_certificate_client_get_request_status() - no error is
	possible.

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: cleaned up documentation of
	gnutls_record_send()

2014-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Added test for CVE-2014-0092

2014-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: removed reference to mini_xssl

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added self checks for various verification
	profiles

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
	uncork usage under DTLS.

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
	friendly.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: using the SYSTEM priority string will fail
	if there is no system file

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: reformatted NEWS entries

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
	lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
	security.  Introduced the LEGACY keyword which will enable the settings used in
	GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
	compatibility with weak or misconfigured servers is required.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/Makefile.am: replaced wrong manpage generation
	parameter

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation

2014-03-26  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* README: update README to reflect gmplib licensing change As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
	dual-license LGPLv3+/GPLv2+ license.  This licensing change affects the licenses under which versions of
	GnuTLS can be redistributed.  Update the README to reflect this change.

2014-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Fix patch version calculation when it contains
	non-numeric chars

2014-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: print RSA-EXPORT status

2014-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: use isascii instead of isprint for
	internationalized name detection

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: bump so version

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
	level

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: add a check for invalid DH parameters.

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
	DHE prime and exponent size.

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509-extensions.c: fixed test to use the correct function
	names.

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Severely simplified hostname matching.  Now only wildcards only the leftmost position of the string are
	allowed (followed by at least two components), and are only taken
	into account into ascii strings. Non-ascii strings are compared
	byte-by-byte.  That means that wildcards in the form
	bar*foo.example.com are no longer accepted, as well as wildcards of
	the form *.*.*.example.com.

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	use commit suffix for functions that return a status code.

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
	RNG code.

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: the longer e-mail caused crash in autogen's
	manpage generation

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
	doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
	lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
	lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
	some of the newly introduced functions

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: set the invalid flag when the owner is
	unexpected.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Changed the behaviour in wildcard acceptance
	in certificates.  Wildcards are only accepted when there are more than two domain
	components after the wildcard. This will prevent accepting
	certificates from CAs that issued '*.com', or 'www.*'.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: Added more key usage flags in the test
	for x509-extensions.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: x509-extensions test will fail if an
	unhandled extension is found.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: ship the gperf file and the generated one.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
	doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: documented the new X.509 extension API

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
	can now write more than a single crl_dist_point.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/template-test.pem,
	tests/cert-tests/template-test.tmpl,
	tests/cert-tests/template-utf8.pem,
	tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
	tests/x509-extensions.c: Added unit tests for new API

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
	X.509 extensions.  This API handles the X.509 extensions in separate, allowing to parse
	similarly formatted extensions stored in other structures. In
	addition functions that simplify the extraction of extensions from
	known structures were added: - gnutls_x509_crq_get_extension_data2() - gnutls_x509_crl_get_extension_data2() - gnutls_x509_crt_get_extension_data2() The old functions were rewritten to use the new API.

2014-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Corrected error checking in
	_gnutls_x509_ext_gen_proxyCertInfo

2014-03-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: initialize pointer

2014-03-12  Luis G.F <luisgf@gmail.com>

	* src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
	reference is lost if an allocation error occured.  Signed-off-by: Luis G.F <luisgf@luisgf.es>

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: use the number of seconds as serial in 32-bit
	systems

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: Only check PK compatibility in client side but
	also when using openpgp certs.

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/kx.c: corrected initializer

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c: shortend static function names.

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
	that the algorithm of the received certificate matches the expected.

2014-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/cha-functions.texi,
	doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
	doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
	doc/manpages/Makefile.am, lib/Makefile.am,
	lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
	lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
	tests/mini-xssl.c: The xssl experimental library was removed.  While the idea of a high level library is nice, there are no
	resources to maintain an additional library.

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
	enable linking with nettle-mini

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: re-enabled certificate verification

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
	SHA384 are only available in TLS 1.0 The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
	defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
	under SSL 3.0, it will during MAC initialization.

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
	lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
	lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/x509.c: stricter type usage

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
	when needed

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
	lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
	clang

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: silence some warnings

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
	lib/verify-tofu.c: clang warning fixes

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: removed unused variables.

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* src/Makefile.am: Fix build failures on autogen'ed docs autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
	will not be able to find the input file if GnuTLS is built out of
	tree, e.g.      mkdir build     cd build     ../configure     make Also, add missing targets for %-args.h, to avoid this error:     make[2]: Entering directory `/home/user/gnutls/src'     autogen srptool-args.def     autogen psk-args.def     make[2]: *** No rule to make target `ocsptool-args.h', needed by
	    `all'.  Stop.  make[2]: Leaving directory
	    `/home/user/gnutls/src' make[1]: *** [all-recursive] Error 1 For portability's sake we will spell out the rule for each target
	instead of using a GNU '%' pattern rule:
	https://www.gnu.org/software/make/manual/html_node/Features.html#FeaturesSigned-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* .gitignore, doc/Makefile.am: Fix build failures involving
	doc/invoke-*.texi Several problems were found in this area: 1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
	with no input file and it will hang forever waiting for content from
	stdin:     mv -f enums.texi-tmp enums.texi     mkdir enums     ../../doc/scripts/split-texi.pl enums enum < enums.texi     echo stamp_enums > stamp_enums     cd ../src/ && autogen -Tagtexi-cmd.tpl  && \         rm -f ../doc/invoke-gnutls-cli.texi && \         ../doc/scripts/cleanup-autogen.pl
	        <../src/invoke-gnutls-cli.texi
	        >../doc/invoke-gnutls-cli.texi.tmp && \ mv -f
	        ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
	rm -f ../src/invoke-gnutls-cli.texi     <HANG> Since these documents are @include'd by other documents, it is
	probably a good idea to make sure the targets are buildable in case
	they get listed as prerequisites.  2) SRC_DEF_* used relative paths which are correct for an in-place
	build, but incorrect for an out-of-tree build.  They should use
	something like $(top_srcdir)/src to resolve the ambiguity.  3) cleanup-autogen.pl was also referenced using a relative pathname,
	breaking out-of-tree builds.  4) The non-portable "sed -i" flag was used.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* README-alpha: README-alpha: Add gperf dependency for building from
	git Without gperf, priority-options.h does not get built and this
	results in a compile error.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix
	missing SIZE_MAX on Android).  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: more type separation

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: use psktool-args

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: more type separation

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: separated types for easier verification

2014-03-06  Kevin Cernekee <cernekee@gmail.com>

	* .gitignore, doc/manpages/Makefile.am, src/Makefile.am,
	src/psk-args.def, src/psk.c, src/psktool-args.def: Rename
	psk-args.def to psktool-args.def Other utilities generate invoke-%.texi from %-args.def, but
	currently invoke-psktool.texi is generated from psk-args.def.  If we
	make psktool conform to the same convention as the other utilities,
	we can use a generic pattern to handle all of them the same way.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-06  Kevin Cernekee <cernekee@gmail.com>

	* doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in
	$(srcdir).  When we do, chaos ensues:     mv -f enums.texi-tmp enums.texi     mkdir enums     ../../doc/scripts/split-texi.pl enums enum <
	    ../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such
	    file or directory make[4]: *** [stamp_enums] Error 1     make[4]: Leaving directory `/home/user/gnutls/build/doc'     make[3]: *** [all-recursive] Error 1     make[3]: Leaving directory `/home/user/gnutls/build/doc'     make[2]: *** [all] Error 2     make[2]: Leaving directory `/home/user/gnutls/build/doc'     make[1]: *** [all-recursive] Error 1     make[1]: Leaving directory `/home/user/gnutls/build'     make: *** [all] Error 2 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/extras.c: Ensure failure when no base64 data have been
	read. Suggested by Ramkumar Chinchani.

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: xssl compilation fix; patch by Colin Leroy

2014-03-05  Jason Spafford <nullprogrammer@gmail.com>

	* lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
	parameter before it checked if the parameter was null.  Signed-off-by Jason Spafford nullprogrammer@gmail.com

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, symbols.last: Added symbol check prior to release
	(after discussion with Andreas Metzler)

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: updated doc

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/test-driver, build-aux/ylwrap: updated build-aux files

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: removed no-split as it causes issues in pdf
	building

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
	gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
	gl/tests/test-bind.c, gl/tests/test-connect.c,
	gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
	gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
	libgl

2014-03-05  Nick Alcock <nick.alcock@oracle.com>

	* configure.ac: Overridewq AUTOGEN under --enable-local-libopts only
	if autogen is not needed.  After commit 6addbc3, specifying --enable-local-libopts
	unconditionally replaces the autogen-erated files with their
	distributed copies, and substitutes AUTOGEN to false.  The assumption here is that if --enable-local-libopts is not
	specified, autogen cannot be installed, and that the distributed
	copies necessarily exist.  Neither assumption is always correct.
	e.g. someone building a 32-bit copy of GnuTLS from git with a copy
	of autogen on their system will have a 64-bit copy of libopts, and a
	working /usr/bin/autogen, but not a 32-bit libopts.  Since building
	autogen depends on Guile, this is a rather heavyweight pile of gear
	to require.  (You can force a successful build in this case, but it
	requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
	distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
	we do not substitute AUTOGEN, so as to let any copy of autogen that
	configure found on the system do its job if necessary, while not
	forcing the user to link against the copy of libopts which came with
	that autogen.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c: 
	session tickets can be disabled

2014-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/Makefile.am, lib/ext/cert_type.c,
	lib/ext/status_request.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c: 
	increased code disabled from disable-ocsp and disable-openpgp
	options

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/Makefile.am,
	lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
	lib/priority_options.gperf, src/cli-args.def,
	tests/mini-record-2.c, tests/mini-record-range.c,
	tests/mini-record.c: NEW_PADDING has been removed.  This extension did not get accepted by IETF so it is now being
	removed. The gnutls_range API is kept in case length hiding is
	implemented in a different way at some point.

2014-03-05  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
	manual.

2014-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler.

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/Makefile.am: examples include both gnulibs

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
	src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
	src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
	src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
	src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
	src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
	src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
	src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
	gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
	gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
	gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
	gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
	gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
	gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
	gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
	gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c: removed getpass from gl/

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: changes for new gnulib in src/

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: corrent error print in win32

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/system.c: Changes to account for the reduced
	included gnulib

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: added missing declaration

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: removed any dependencies to gnulib network
	stuff

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
	insistence to replace strerror

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
	src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
	src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
	src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
	src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
	src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
	src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
	src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
	src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
	src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
	src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
	src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
	src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
	src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
	src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
	src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
	src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
	src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
	src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
	src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
	src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
	src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
	src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
	src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
	src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
	src/gl

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
	gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
	gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
	gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
	gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
	gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
	gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
	gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
	gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
	gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
	gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
	gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
	gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
	gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
	gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
	gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
	gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
	gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
	gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
	gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-accept.c, gl/tests/test-close.c,
	gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
	gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
	gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
	gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
	gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
	gl/tests/test-listen.c, gl/tests/test-lstat.c,
	gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
	gl/tests/test-pathmax.c, gl/tests/test-perror.c,
	gl/tests/test-perror.sh, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-recv.c,
	gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-select.h, gl/tests/test-send.c,
	gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
	gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
	gl/tests/test-stat.c, gl/tests/test-stat.h,
	gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
	gl/tests/test-symlink.c, gl/tests/test-symlink.h,
	gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
	unused gnulib crap

2014-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: fixed more memory leaks in crywrap

2014-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: addressed memory leak in crywrap.c

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: check the blacklist for certificates
	provided in gnutls_x509_trust_list_verify_named_crt().

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
	configure option.

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: rsa-export is no more

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: updated option for TPM

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: replace select() on windows

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: print message before failing when the pull
	timeout function isn't replaced.

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
	SHA1; suggested by Manuel Pégourié-Gonnard.

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	build-aux/useless-if-before-free, build-aux/vc-list-files,
	doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
	gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
	gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
	gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
	gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
	gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
	gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
	gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
	gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
	gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
	gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
	gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
	gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
	gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
	gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
	gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
	gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
	gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
	gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
	gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
	gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
	gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
	gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
	gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
	gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
	gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
	gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
	gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
	gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
	gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
	gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
	gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
	gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
	gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
	gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
	gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
	gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
	gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
	gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
	gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
	gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
	gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
	gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
	gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
	gl/tests/test-bind.c, gl/tests/test-byteswap.c,
	gl/tests/test-c-ctype.c, gl/tests/test-close.c,
	gl/tests/test-connect.c, gl/tests/test-dup2.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fseek.c,
	gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
	gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
	gl/tests/test-func.c, gl/tests/test-fwrite.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
	gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
	gl/tests/test-getline.c, gl/tests/test-getpeername.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
	gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-ioctl.c, gl/tests/test-listen.c,
	gl/tests/test-lstat.c, gl/tests/test-lstat.h,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-open.c,
	gl/tests/test-open.h, gl/tests/test-pathmax.c,
	gl/tests/test-perror.c, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-read-file.c,
	gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
	gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
	gl/tests/test-select.c, gl/tests/test-select.h,
	gl/tests/test-send.c, gl/tests/test-sendto.c,
	gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
	gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
	gl/tests/test-sockets.c, gl/tests/test-stat.c,
	gl/tests/test-stat.h, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
	gl/tests/test-strerror_r.c, gl/tests/test-string.c,
	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
	gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
	gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
	gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
	gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
	src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
	src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
	src/gl/intprops.h, src/gl/m4/00gnulib.m4,
	src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
	src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
	src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
	src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
	src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
	src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
	src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
	src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
	src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
	src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
	src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
	src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
	src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
	src/gl/parse-datetime.h, src/gl/parse-datetime.y,
	src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
	src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
	src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
	src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
	src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
	src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
	src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c: 
	updated gnulib

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
	when they are available in TLS1.0

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: The default priority is reset to NORMAL

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Revert "the default priorities are reset to
	be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: mention SHA384 as MAC option

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/serv-args.def: documented the defaults

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: the default priorities are reset to be
	NORMAL.  Reported by Manuel Pégourié-Gonnard.

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def: Add required priorities

2014-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Preinitialize values; suggested by Sebastian
	Krahmer and Tomas Hoger.

2014-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: added doc on is_issuer() checks

2014-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: removed not trusted message; reported by Michel
	Briand.

2014-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: updated for verification updates

2014-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Updated verification function

2014-02-22  Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>

	* src/cli-args.def, src/cli.c: New option --stricttofu for
	gnutls-cli With option --tofu, gnutls-cli waits with a yes-no-question upon
	certificate changes.  I added the option --stricttofu that omits the
	question and fails instead.  The contribution is in accordance to the "Developer's Certificate of
	Origin" as found in the file doc/DCO.txt.  Best wishes Jens Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: moved priorities check to the first call
	only.

2014-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: removed duplicate definition; reported by
	Dennis Philipps.

2014-02-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.CODING_STYLE: updated coding style

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-nc.pem: added cert

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: corrected check

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
	values

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: updated

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: When appending a name, ensure that we
	append to the end of the list.

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: use gnutls_free()

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: corrected email in texi

2014-02-20  Attila Molnar <attilamolnar@hush.com>

	* lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
	resistance against guessing usernames When a client tries to authenticate using an unknown username,
	instead of generating a random salt every time, generate the salt
	based on the username and a secret seed.  The seed is settable by the application, allowing servers to re-use
	the same seed after a restart.  A random seed is generated for each newly allocated SRP server
	credentials structure, meaning that applications not using the new
	API to set the seed continue to work and gain limited advantage
	(because they use a different seed after every restart).  For further information see section 2.5.1.3. in RFC 5054.  Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: small artistic changes

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: check against the success value

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
	bool types when needed.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: ensure failure when parsing fails.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: allow ip address as constraint

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Added check for IPaddress

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added tests for name constraints addition.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: better error printing

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: corrected empty name check

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-nc.tmpl: Updated test for name constraints
	to include empty constraints names.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: pretty print empty DNSnames

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/name_constraints.c: 
	_gnutls_x509_read_value() can now read empty values.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Allow empty names.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: removed debugging

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Added check for null

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: If alternative names are found, don't
	bother checking the DN.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/certs/create-chain.sh: Added tool to create a
	certificate chain

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: properly indent name constraints

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: _gnutls_parse_general_name2() will return the
	expected data

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test: 
	certtool allows setting name constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
	false warnings

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: simplify names

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
	constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/name_constraints.c: Added
	gnutls_x509_name_constraints_check_crt This function will check name constraints against all the names in a
	certificate.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, tests/name-constraints.c,
	tests/suppressions.valgrind: Added support for e-mail constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/name-constraints.c: Added more constraints tests for
	unsupported structures.

2014-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: Corrected check for present
	constraints in unsupported types.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-ocsp-client.c: fix small leak

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool.c: When verifying a response and a signer isn't
	provided assume that the signer is the issuer.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
	src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
	check if it is available on the reply.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: properly deinitialize name
	constraints structure.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-ocsp-client.c: Verify in example that the sent
	nonce matches the received nonce.  Reported by Benny Baumann.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/name-constraints.c: Added missing file

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority_options.gperf: priority string flag
	VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
	handshake timers when gnutls_handshake() is called.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
	catch a timeout issue in handshake().

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
	multiple flags in gnutls_x509_crt_get_name_constraints()

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: Do not deinitialize the constraints
	structure when reading the constraints fails.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
	lib/x509/output.c: Allow appending name constraints.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
	setting a non-critical name-constraints extension.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: better checking of unsupported
	constraints.

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
	lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_int.h, tests/Makefile.am: Added support for name
	constraints X.509 extension.  This allows to generate and read the name constraints extension, as
	well as check against the DNSNAME value.

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on p11-kit 0.20.0 or later

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: changed names for clarity

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c: Corrected bug in
	gnutls_pcert_list_import_x509_raw().  The bug caused gnutls_pcert_list_import_x509_raw() to crash if
	gnutls_x509_crt_list_import() would fail with the provided data.
	Reported by Dmitriy Anisimkov.

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: corrected suppressions file

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: do not mention
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
	tests/chainverify.c: removed deprecated flag

2014-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: added Ted

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: set value to null after releasing

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/keygen.c: generate keys in the acceptable sizes in
	FIPS140 mode

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: generate 2048 bit keys in RSA mode

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c, lib/x509/x509_int.h: Added
	_gnutls_parse_general_name2()

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: ensure that _gnutls_x509_read_value works as
	documented.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: ensure that the issuer in present in a trusted
	module.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
	GNUTLS_PKCS11_TOKEN_TRUSTED_UINT

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
	GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Use the
	GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
	trusted modules are used.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h: 
	Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE.  This flag can be used to ensure that the object request lies on a
	marked as trusted PKCS #11 module. The marking is done on p11-kit
	configuration.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: mark trusted p11-kit modules as trusted.

2014-02-12  Marcus Meissner <meissner@suse.de>

	* src/serv.c: fixed socket existance checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
	for the ipv6 address fails, this loop would fail and abort the
	socket listen code.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added test for pathlen constraints.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added check for v1 intermediate CA
	certificate

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Fix bug that prevented the rejection of v1
	intermediate CA certificates.  Reported by Suman Jana.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
	timestamps for serial numbers.

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* maint.mk: updated indent cmd

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: corrected indent parameters

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h: 
	do not redefine the _gnutls_x86_cpuid_s symbol

2014-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
	security levels of PFS, SECURE128 and SECURE192 keywords.

2014-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: reduced security levels of SECURE128 and
	SECURE192 strings.

2014-02-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: only test libz if it is available

2014-02-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: check errors from
	gnutls_priority_set_direct().

2014-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update

2014-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: increased the interval between reading
	/dev/urandom

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
	po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
	po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
	src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
	certtool option to allow asking for passwords even when in batch
	mode.

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: use newlines in error printing

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: when using a PKCS #11 module for verification
	ensure that it has been marked a trusted module in p11-kit.

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
	GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
	p11-kit's P11_KIT_MODULE_TRUSTED flag.

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: use macros to set the level.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
	reference manual to remove individual indexes that were not working.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphersuites.sh: corrected
	test-ciphersuites.sh test

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: consider the initial keyword set even when
	it's set to NONE.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: When two initial keywords are specified
	then treat the second as having the '+' modifier.  This will handle SECURE256:SECURE128 the same way as
	SECURE256:+SECURE128.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
	multiple initial keywords in a priority string, the security level
	set is the one of the lowest security.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: better wording

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected bug in DH exponent size calculation.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
	extension.  This is an extension that is defined to be sent by the client but
	there are servers that include it as well. Most other
	implementations tolerate this behavior so we do.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected typo

2014-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
	requirements for all ciphersuites that are not GCM.

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: return proper error on RSA key generation failure

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c: 
	allow a missing u

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_hash_int.c: Added sanity check in hash_init() and
	mac_init().

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd.c: use some kind of key continuity in the nonce
	RNG.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: when importing public keys set the correct
	algorithm.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: allow for seeds larger to the MAX
	by one byte

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: corrected calculation

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: corrected prototype

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/Makefile.am,
	lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
	lib/nettle/pk.c: Added FIPS184-4 RSA key generation.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c, lib/libgnutls.map: rename function

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_db_get_cache_expiration()

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: removed unused variables

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
	lib/x509/privkey.c: Allow verification of public and private
	parameters.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
	keys.

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: Added check for gnutls_db_check_entry_time().

2014-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c: correctly read the magic number and timestamp;
	report and patch by Jonathan Roudiere

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/getfuncs-map.pl: updated for new functions

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
	functions to export.  gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
	gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
	gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
	gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported function needed for fips test

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/gnutls_privkey_raw.c: compile missing file

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: indented

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: eliminated memory leak when generating a
	privvate key using gnutls_privkey_generate().

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
	to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
	gnutls_privkey_import_rsa_raw

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected usage of privkey

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
	number

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: optimized string search in _oid2str table.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: copyright update

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: fixed null pointer derefence when printing a
	name and an LDAP description isn't present for the OID

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
	gnutls_realloc_fast to false positives Conflicts: 	lib/libgnutls.map

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
	to release verify that the exported functions in the .map file match
	the headers.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported missing functions

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported function

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
	FIPS140 mode.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-global-load.c: removed non-working test for static
	linking.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rng-fork.c: increased the number of bytes requested by the
	RNG

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	The AES-CTR-based nonce random number generator was replaced with
	salsa20.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
	lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
	function prototypes.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
	the prototype of _gnutls_mpi_div

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
	prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
	_gnutls_mpi_mul_ui

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
	prototype of _gnutls_mpi_powm

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
	lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
	lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
	lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
	mpi_scan macros

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: reduced warnings

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
	_gnutls_mpi_set_ui,, _gnutls_mpi_copy

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
	_gnutls_mpi_modm

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
	lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
	added _gnutls_mpi_init_multi

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: reduced the number of system calls made during
	the random generator lock.

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
	string by default in examples (not yet).

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
	to avoid becoming a bottleneck on processes with many threads.

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: corrected push/pull function setting

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: do not impose limits to index

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c: 
	Fixes in the Shawe-Taylor prime generation routine.

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: cleanups

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: increased seed length

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: cleanups

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: indented code

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
	_gnutls_pk_params_copy makes a full duplicate.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
	lib/x509/privkey.c: Added macros to allow specifying a subgroup for
	DSA.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
	new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
	Added gnutls_privkey_get_pk_rsa_raw: Added

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported more internal functions

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
	keys.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: Split the generation of keypair from
	the generation of parameters.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
	_dsa_validate_dss_g, and other fixes in validation.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: indented files

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
	_dsa_generate_dss_pq

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: fixed copyright

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
	vectors for the fixed implementation.

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.c: register FIPS140 random generator prior to
	initialization

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
	generator.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: no point to fail on 3DES weak keys.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: use a single context for all stream ciphers.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Added ARCFOUR-128 self test.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: always set subkey status

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record.c: small updates in mini-dtls-record

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: simplified client hello generation

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: %COMPAT implies %DUMBFW

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: use a single buffer to generate the client
	hello.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
	lib/random.c: The FIPS140 random number generator is enabled
	conditionally when required.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: removed duplicate function

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: use newline

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: when freeing priority_cache make sure it is
	set to NULL

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: Clarified version

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h: 
	gnutls_global_set_mem_functions was deprecated

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
	warning; all systems we support set this function.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: generate info documentation in a single file

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
	certificates is now replaced by the verification profiles.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: no need to set profile to LOW as it is already
	the default

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
	macro

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: decreased certificate verification level to
	allow SHA1 as hash.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/x509/verify.c: When verifying a
	certificate's security level ensure that the hash is within the
	level

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/complex-cert.pem: updated test for level rename

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suppressions.valgrind: updated memxor3 suppression to cope
	with any usage of memxor3

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: The correct priority will be used if SYSTEM
	is not specified.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: do not immediately fail on verification failure
	due to insecure algorithm.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
	gnutls_priority_set_direct() to set a fixed priority string

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: avoid allocation.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
	priorities based on version number in examples, and add dependency
	on 3.1.0

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/gnutls_priority.c: changes in SYSTEM semantics to allow
	appending rules to the default policy.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: 
	Added the SYSTEM priority string initial keyword.  That allows a compile-time specified configuration file to be used
	to read the priorities. That can be used to impose system specific
	policies.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Weak sec-param was replaced with Low.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/sec-params.c: updated sec-params check

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/certtool-common.c, src/serv.c: more updates for the
	security param rename

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
	test to check the expected values of security parameters.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: security levels aligned to ENISA and
	other common practice recommendations.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/priority_options.gperf, lib/x509/verify.c: 
	GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
	Also when setting a PROFILE explicitly as priority string the
	session security level is adjusted accordingly.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_priority.c,
	lib/priority_options.gperf: Use gperf to find priority string
	options.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: verification profiles can be set
	individually as well.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
	update

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: increased the overall security level unless
	%COMPAT is specified.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
	verification profiles when setting priority strings

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c: 
	Added certificate verification profiles.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: simplified _gnutls_verify_certificate2().

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: consistency changes.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
	description.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
	lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
	lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
	now kept in trust list instead of the credentials parameters.  This is however not enabled by default. When adding CAs to trust
	list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
	RDN sequence. This flag is for now only useful internally in gnutls.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509dn.c: simplified x509dn

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
	set_pkcs12_cred test.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: doc update

2014-01-08  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
	servers Without this patch, a TLS 1.2-only server will not be properly
	investigated by gnutls-cli-debug.  e.g. a server like:   gnutls-serv --x509keyfile=server/secret.key
	  --x509certfile=server/x509.pem --priority
	  'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
	localhost Resolving 'localhost'...  Connecting to '::1:5556'...
	Checking for SSL 3.0 support... no Checking whether %COMPAT is
	required... yes Checking for TLS 1.0 support... no Checking for TLS
	1.1 support... no Checking fallback from TLS 1.1 to... failed
	Checking for TLS 1.2 support... yes Checking whether we need to
	disable TLS 1.2... N/A Checking whether we need to disable TLS
	1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
	dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-01-06  Nils Maier <maierman@web.de>

	* lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
	using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
	full packet before setting priv->expect_cstatus = 0, or else
	CERTIFCATE STATUS packets won't be processed in subsequent calls at
	all, leaving them in the buffer and therefore causing later
	connection aborts.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
	renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
	looking for a trusted certificate.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified
	gnutls_certificate_set_x509_crl_file/mem.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified
	gnutls_certificate_set_x509_trust_file/mem.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: use gnutls_strdup

2014-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: mini-record-2 movedto front.

2014-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: removed debugging

2014-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
	PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
	and distrust (blacklists).

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: more sensible names in find data private structures.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: 
	gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
	GNUTLS_PKCS11_ISSUER_ANY is not specified.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c: unified PKCS#11 debug messages

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	Updated PKCS #11 support for
	gnutls_x509_trust_list_add_trust_file().  It will now use the PKCS #11 trust URL while verifying instead of
	importing all CAs. That way it allows verification on the spot
	without requiring the gnutls to restart in case of a blacklisted CA.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: Added documentation for force autogen to
	generate correct texinfo code.

2013-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume-dtls.c, tests/resume.c: resume tests will not block
	if they fail

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: moved constructor definitions to macros to
	allow easier extensions to other systems.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rng-fork.c: perform the iteration check on both rngs.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: Add suppression for nettle's memxor3

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: updated

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
	the current size of the client hello.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c: doc update

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c: do not pad when the client hello size is
	sufficiently small.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
	padding if the hello data are already too long.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: export only xssl symbols; small patch by Andreas
	Metzler.

2013-12-26  Gustavo Zacarias <gustavo@zacarias.com.ar>

	* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
	glibc where it's defined in librt rather than libc directly.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: limit the size of the DH exponent

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: unified constants

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/fips-test.c: Do not run the fips-test when not in fips mode

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/ext/status_request.c,
	lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h: 
	simplified gnutls_handshake_alloc

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: do not specify a default class when searching
	for objects to delete This fixed issue when trying to delete all the keys in a token by
	using the token URL.

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
	flag to force security office login to the card

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: updated txt

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: print warning when no token name is provided

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: Added userPrincipalName

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
	parameter is ignored.

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: corrected key ID size check

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: Ported Alon's patch to correctly check for librt (et
	al.) This also makes clock_gettime() check independent of the FIPS140
	option.

2013-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: Added aliases list-privkeys and list-keys

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: undefine select as well in win32

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
	tests/mini-handshake-timeout.c: corrected some tests to operate
	silently under valgrind

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mpi.c, tests/x509cert-tl.c: corrected leaks

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: do not use the gnulib wrappers in win32

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
	set the gnulib functions for recv and send.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/elf/cpuid-x86_64.s: updated

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
	time.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: corrected check

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: removed debugging

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12_s2k.c: corrected paths

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c: 
	pkcs11_get_random was renamed

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/cpuid-x86.s,
	lib/accelerated/x86/coff/cpuid-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
	generated files

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: correctly generate asm sources

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: gnu note for stack only used in ELF

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
	lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
	files

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c: Improved nettle check for
	registration of accelerated ciphers.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am: use the correct sources in win32
	systems

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: simplified deps

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts: 	lib/Makefile.am

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: updated danetool

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ecc.c: changed default to 256R1

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: the accelerated library is depending on nettle
	being present

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: updated to account the file format p11-kit
	expects

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/openssl: restricted submodule to a specific version

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, cfg.mk: bootstrap will initialize the submodules

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
	devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
	devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
	devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
	devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
	devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
	devel/perlasm/openssl-cpuid-x86.pl.license,
	devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
	devel/perlasm/sha1-ssse3-x86_64.pl,
	devel/perlasm/sha256-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86_64.pl,
	devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
	devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
	devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
	using git submodule

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/system.c: Added configure option
	--with-default-blacklist-file This option allows to specify a file containing blacklisted
	certificates.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify-high2.c: 
	gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
	black list.  When a CA or certificate is removed from the trusted list, it is
	also added in a blacklist to ensure that it will not be accepted due
	to interdependency (e.g., it is a subordinate CA), or because it is
	not a CA.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: Corrected documentation for
	gnutls_x509_trust_list_add_trust_*

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
	in gnutls_pkcs11_reinit.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mac.c: Avoid verbose logging

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: 
	use better definitions

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-cert-status.c: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
	boundaries the buffers provided to cryptodev.  When gnutls is compiled with support for cryptodev, the buffers
	provided to crypto backend are ensured to be 16-byte aligned (except
	the ones provided by the user). That increases performance in
	several crypto accelerators.

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-large.c: updated to correspond to new fail()

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
	_mbuffer_alloc

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
	lib/accelerated/x86/x86-common.c: reorganized source files.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
	AESNI is available without PCLMUL, then use AES-NI in GCM.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-x86.c: addressed warning

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
	AESNI

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/hmac-x86.c,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.c: 
	use better names for files

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/hmac-padlock.c: zeroize keys

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-gcm-x86.c, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-x86.c,
	lib/accelerated/x86/sha-x86.c, lib/accelerated/x86/sha-x86.h: When
	PCLMUL isn't available use the SSSE3 implementation of AES to
	optimize GCM.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: removed UMAC ciphersuites from benchmark

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: removed the estream ciphersuites from
	benchmarks

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
	devel/perlasm/aes-ssse3-x86.pl.license,
	devel/perlasm/aes-ssse3-x86_64.pl,
	devel/perlasm/aes-ssse3-x86_64.pl.license,
	devel/perlasm/aesni-x86.pl.license,
	devel/perlasm/aesni-x86_64.pl.license,
	devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
	devel/perlasm/cpuid-x86_64.pl.license,
	devel/perlasm/e_padlock-x86.pl.license,
	devel/perlasm/e_padlock-x86_64.pl.license,
	devel/perlasm/ghash-x86.pl.license,
	devel/perlasm/ghash-x86_64.pl.license,
	devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
	devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
	devel/perlasm/openssl-cpuid-x86.pl.license,
	devel/perlasm/ppc-xlate.pl.license,
	devel/perlasm/sha1-ssse3-x86.pl.license,
	devel/perlasm/sha1-ssse3-x86_64.pl.license,
	devel/perlasm/sha256-ssse3-x86.pl.license,
	devel/perlasm/sha512-ssse3-x86.pl.license,
	devel/perlasm/sha512-ssse3-x86_64.pl.license,
	lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/cpuid-x86.s,
	lib/accelerated/x86/coff/cpuid-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
	Hamburg's SSSE3 AES implementation.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: doc update

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
	devel/perlasm/sha1-ssse3-x86.pl,
	devel/perlasm/sha1-ssse3-x86_64.pl,
	devel/perlasm/sha256-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86_64.pl,
	lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-coff.s,
	lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/coff/cpuid-x86-coff.s,
	lib/accelerated/x86/coff/cpuid-x86.s,
	lib/accelerated/x86/coff/cpuid-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/openssl-cpuid-x86.s,
	lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/coff/padlock-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-avx-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86.s,
	lib/accelerated/x86/elf/cpuid-x86-64.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/padlock-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-avx-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
	lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
	implementations

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h: 
	Utilize the optimized SHA functions in Padlock HMAC.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: use a single BUILT_SOURCES

2012-05-03  Patrick Pelletier <code@funwithsoftware.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def: 
	minor phrasing improvements in docs

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added auto-generated files in BUILT_SOURCES

2013-12-13  Jared Wong <jaredlwong@gmail.com>

	* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
	line_size.  All checks were being done where the line_size check was done last.
	This allows data to be read from one past teh end of the line
	buffer. In C, accessing data outside of an array is undefined
	behavior and may cause yet known problems. Additionally, the
	compiler may end up making some unreasonable assumptions under the
	pretense that the programmer is never wrong and would not access
	data outside of the array.

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/m4/libopts.m4: Avoid conditional generation of
	Makefile

2013-12-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
	prime size as well.

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported function

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
	gnu-ism in Makefiles

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: simplified logic

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Correctly detect the FIPS140-2 HMAC file.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
	exported pkcs11 functions initialize PKCS #11.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: fixes in PKCS #11 initialization

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: provide imprecise time as gmt time.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
	auto-reinitialization.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: 
	fully initialize the PKCS #11 subsystem only when it is needed to.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
	lib/nettle/mac.c: FIPS140 mode is detected on run-time.  That allows a library compiled in FIPS140 mode to operate as the
	full library if the system is not in FIPS mode.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
	check to verify that gnutls_global_init() is run on the library
	constructor.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/global-init.c: converted to a simple check for
	gnutls_global_init() as gnutls_global_init2() will not be added.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: call p11_kit_modules_load() with null argument.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: only use LT_INIT

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: disable static library build by default

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_global_init2() is no longer exported.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Added automatic reinitialization on fork() on the
	PKCS #11 subsystem.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
	use.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	Use a DRBG-AES to generate nonces rather than the yarrow RNG.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: getpid() is conditionally used.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
	auto-generated files

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	tests/fips-test.c: removed zombie mode, and no longer use fips140.h

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
	lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
	to gnutls.h

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: simplified func

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/nettle/pk.c: corrected macros

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: Check whether the RNG can perform many
	iterations without error.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
	lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
	exceed a number of iterations.

2013-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
	mutex to avoid any side-effects.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.h: re-initialize a deleted staticly initialized mutex

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Added hack for nettle's checks.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: adjusted parameters in normal level
	for DSA to match nettle's abilities.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: added newlines in error reporting

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
	tests when used from slow/cipher-test

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/global-init.c: updated test for the universal lib
	constructor

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: removed deadlock from gnutls_global.c

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/gnutls_global.c: constructor and destructors were
	moved outside the FIPS140 mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
	when not in FIPS140 mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c: 
	fips140_simulate_error -> lib_simulate_error

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: adjusted subgroup bits to be
	compatible with DSA requirements.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
	lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
	lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
	library state is used even when not in FIPS mode.  This allows having an error state that blocks the library usage even
	when not in FIPS mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Merged the FIPS140-2 support code.  Conflicts: 	lib/gnutls_global.c 	tests/mini-overhead.c

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: removed usage of %zu.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-overhead.c: updated mini-overhead to account for the
	removal of salsa20+umac

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: Detect the presence of posix locks even without
	linked to libpthread.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
	for camellia-gcm.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: remove bashism.

2013-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: updated links in reference.
	Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: updated links in reference.
	Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: 
	updated addresses and URLs. Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: 
	updated addresses and URLs. Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
	*structors to fips.c

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
	by Ben de Graaff.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
	by Ben de Graaff.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Added ECDH known answer test.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
	Diffie-Hellman key exchange.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
	1.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c: 
	compacted DH support files.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
	they are not needed.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: When checking the generated DSA params make
	sure that the data to be signed have the proper size.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
	lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
	exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
	functions.  This allows handling DH key generation in the crypto backend files.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
	DRBG-AES generator by using a counter (with an arbitrary initial
	value) as DT.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: Added pairwise constistency test on key
	generation.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero

2013-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg: updated example certtool.cfg

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
	a compiler optimizing out out calls.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
	DH and DSA key q size.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: corrected params for ULTRA level

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: Re-run receiving tests on server side, to
	allow any valgrind errors to propagate to exit code.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Perform an integrity check on all supporting libraries

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: In FIPS mode the default cipher is AES.

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: Do not link gnutls against librt unlress it is
	really necessary.

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: checks FIPS-140 lib requirements, moved after
	clock_gettime() is checked for.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/armor.c: removed unused function

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/pubkey.c: removed unused variable

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, tests/mini-xssl.c,
	tests/pkcs12_simple.c: Skip tests that require the non-suiteb
	curves.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: 
	_gnutls_privkey_decode_ecc_key() returns integers as error code to
	distinguish error conditions.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
	to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
	curves).

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: updated

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
	lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
	lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
	tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
	parameter generator.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed unneeded newlines

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files ignored

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/nettle/Makefile.am, lib/nettle/gcm-camellia.c,
	lib/nettle/gcm-camellia.h, lib/nettle/int/drbg-aes-self-test.c,
	lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
	lib/nettle/int/gcm-camellia.c, lib/nettle/int/gcm-camellia.h,
	lib/nettle/rnd-fips.c: Added DRBG submitted to nettle in gnutls.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: Added deflate compression tests with
	AES-GCM in order to be tested in FIPS mode.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: corrected comparison

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: Allow MD5 hash in zombie mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.h: fixed bug

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: don't run openssl (md5) when in fips mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, tests/fips-test.c: separate zombie mode from
	operational fips mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/fips-test.c: modified to account for zombie mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
	in openssl keys.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: beautified table

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: added new functions

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: eliminated memory leak on PK self
	check.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c: 
	Added gnutls_global_init2(). This allows initializing gnutls in a
	constructor in FIPS140 mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Added an audit message in self test failure

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
	messages.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: binary integrity self test moved to end

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.h: simplified debugging levels.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509_b64.c: silence some errors

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: updated

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c: 
	Better handling of FIPS140-2 initialization

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
	lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to
	determine which curves are available.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c: 
	gnutls_key_generate() is restricted by the size of the initial RNG
	seed in FIPS140-2 mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
	FIPS mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: when using the rng() with a void option use the
	FIPS state to indicate errors.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
	tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c: 
	Restrict the number of tests run on FIPS140-2 mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
	lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
	FIPS140-2 mode disable non-conformant ciphers, MAC and hash
	algorithms.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c: 
	Use nettle for the generation of DH group parameters.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: no need to memset. It should have been
	initialized.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
	tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
	not involve the security level into the certificate comparisons.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
	lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
	pk_generate_params() and pk_generate_keys().  This allows using the pk_generate interface to get DH parameters and
	DH keys.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: restricted combinations of security
	parameters in FIPS mode.

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed the initialized static variable.

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
	lib/nettle/rnd-fips.c: Corrected _rnd_get_event().

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
	lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c: 
	Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
	_gnutls_mpi_mod().

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: In rng_fork test all random generators.

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: comments updated to conform to the modified
	version.

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed external test functions

2013-11-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
	lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
	lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
	libgcrypt's AES-based DRBG.

2013-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
	of nettle's RNG.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
	lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
	overwritten

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: corrected typo

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
	keys.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: more keys are zeroized

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: require libtasn1 3.4

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c: updated libtasn1 version

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use the most appropriate nettle function

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
	lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
	lib/x509/privkey_pkcs8.c: better naming for free_datum functions.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
	lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
	buffers of private keys.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
	ECC secret scalars and points.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
	lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
	lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
	lib/nettle/mac.c: Added zeroization of keys in several parts within
	gnutls.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dh.c: doc update

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
	primitives.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
	_gnutls_mpi_release()

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
	lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
	lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
	tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
	and added a self test for it.

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h: Added binary integrity test

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
	lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
	for fips states.  This implies that when in FIPS mode and the library is not in
	operational state (i.e., all self checks succeeded), crypto
	functionality of the library will fail.  This includes: 	* API functions of gnutls/crypto.h 	* API functions of gnutls/abstract.h 	* API functions of gnutls/x509.h 	* gnutls_init() 	* API functions of gnutls/xssl.h

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
	tests/slow/cipher-test.c: indented code

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
	tests/slow/cipher-test.c: Self checks are conditionally included in
	the library.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
	RSA, DSA and ECDSA.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
	specifying an explicit curve.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Added gnutls_privkey_generate().

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-selftests-pk.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
	key usage.

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
	tests/slow/cipher-test.c: Added option to run all available self
	tests per category in a single run.

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
	self-tests by adding digest and MAC tests.

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-selftests.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/slow/cipher-test.c: Added self tests

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: check for alternative unbound root key files.

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c: increased buffers

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s,
	lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86.s,
	lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
	auto-generated asm files. This fixes a valgrind complaint when
	AES-NI is in use.

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
	devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
	devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
	devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
	devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
	devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
	devel/perlasm/x86nasm.pl: updated perlasm files

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am: Do not link gnutls against librt
	unlress it is really necessary.  Conflicts: 	configure.ac 	lib/Makefile.am

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated e-mail address

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: use $shell()

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/args-std.def: handle centrally more variables

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
	manpage generation (and information stored to it).

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
	auto-generated doc files.

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c: 
	certtool's --verify option if not supplied with a CA list, will use
	the system's CA list.

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: cast the expiration time to time_t

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: doc update

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
	for the 'no well defined' expiration time.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
	gl/tests/Makefile.am, gl/tests/strerror-override.c,
	gl/tests/strerror-override.h, gl/tests/strerror.c: Added strerror
	module.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c: better use of errno

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/epub.tex, doc/latex/gnutls.tex,
	doc/scripts/mytexi2latex: use eurosym package for euro symbol

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Corrected check of usage of local libopts when
	autogen isn't present

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-dn-err.tmpl,
	tests/cert-tests/template-test: Verify failure of DN parsing in a
	wrong DN.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress.c: disallow any compression in DTLS

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c: 
	mini-deflate was combined with mini-record-2

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_record.h: Corrected bug which affected compressed
	records.  Less space was provided for decryption than the required causing
	disconnection issues when compression was used.  The issue was
	pointed by Frank Zschockelt.  Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
	max_decrypted_size() and max_record_recv_size().

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c: check return code of gnutls_rnd().

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
	session tickets.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: fixed for win32

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: added assert to trace errors.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: link all programs with libgnu_gpl to avoid
	conflicts from header files.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h: 
	Added progname module which is used by error().

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: safer usage of strerror

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
	libopts

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: corrected libopts patch

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/error.c: removed unneed line

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore xssl manpages

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
	secure128 level.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: generate ChangeLog after doc/ is checked.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl: made more clever to ignore inline
	function body.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
	auto-generated files

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported gnutls_est_record_overhead_size

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: do not add newline (it's already in the
	printed string)

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
	function is not updated if it is already set.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: updated glimport

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi, src/certtool-args.def: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
	tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test: 
	Added self checks for new date reading functionality

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/Makefile.am, src/certtool-args.def,
	src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
	activation_date and expiration_date options to certtool template
	file.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
	src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
	src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
	src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
	src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
	src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/extensions.m4,
	src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
	src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
	src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
	src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
	src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
	src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
	src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
	src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
	src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
	src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
	src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
	src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
	src/gl/strerror-override.c, src/gl/strerror-override.h,
	src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
	src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
	src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
	src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
	src/gl/xmalloc.c: Added a gnulib with GPL components for use by
	applications.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def: 
	corrected bug reporting address.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
	for overflows when setting time and allow a time of -1.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow.tmpl,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-overflow2.tmpl,
	tests/cert-tests/template-test: Dates and time that would overflow
	the GeneralTime are also truncated. We may need to revise that
	around 9999 CE.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-certtool.texi,
	doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
	doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi: force serialized generation of
	invoke-*texi, to avoid autogen issue.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
	(time_t)-1 will set to the no well-defined expiration date value.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: correctly set the ciphersuite when the
	set_premaster interface is used.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: check for a valid blocksize prior to entering
	loop

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
	if set to a number will enable logging to stderr.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat, tests/suite/testcompat-main: corrected
	issue with a not-yet-valid certificate

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
	addresses.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: simplified function

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
	with fedora's openssl

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: print whether the local libopts or libtasn1 are
	being used.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/base64.c, gl/intprops.h,
	gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, gl/tests/intprops.h,
	maint.mk: Added intprops module (which is needed by newer libtasn1
	versions)

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: use the bool expression instead of unsigned
	int:1.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: doc update

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.h: define GNUTLS_PATH_MAX globally.

2013-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat: do not run on clippled versions of openssl

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/extensions.c: simplified functions.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphers.js,
	tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
	test

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
	lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
	several functions.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: always exit when fail is called.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: reduced the stack size warning size.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
	lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
	string option.  This works around issues when connecting behind some firewalls.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: Ignore SIGPIPE.  Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
	Andreas Metzler.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi, src/p11tool-args.def: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
	of GNUTLS_PKCS11_PIN.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-certs/ca-tmpl,
	tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
	tests/suite/pkcs11-certs/client-tmpl,
	tests/suite/pkcs11-certs/client.crt,
	tests/suite/pkcs11-certs/client.key,
	tests/suite/pkcs11-certs/server-tmpl,
	tests/suite/pkcs11-certs/server.crt,
	tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
	test suite for PKCS #11 cards (not executed automatically).

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
	self-signed certificates present in the chain

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: simplified checks

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
	GNUTLS_PKCS11_PIN environment variable.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
	import the whole chain.  This affects gnutls_certificate_set_x509_key_file*().

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	Added export-chain option to p11tool

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_pubkey.c,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
	lib/x509/x509.c: Improvements in PKCS #11 support.  Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
	The latter function allows to obtain the issuer of a certificate
	stored in a token.  While traversing tokens, use the URL provided by the user, to avoid
	looking for objects in unrelated tokens.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: test before copy

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
	lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
	function prototypes to account for the new indentation.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
	doc/manpages/tpmtool.1: doc update

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
	lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
	indentation in headers.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: stribute the autogen'erated files as
	.bak and enable them only if local libopts is being used.

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/common.c, doc/common.h,
	doc/errcodes.c, doc/examples/ex-alert.c,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
	doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
	doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
	doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c, doc/examples/examples.h,
	doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
	doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
	extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
	extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
	lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
	lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
	lib/algorithms.h, lib/algorithms/cert_types.c,
	lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
	lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
	lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
	lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
	lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
	lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
	lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
	lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
	lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
	lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
	lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
	lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
	lib/ext/server_name.h, lib/ext/session_ticket.c,
	lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
	lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/ext/status_request.c, lib/ext/status_request.h,
	lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
	lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
	lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
	lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
	lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
	lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
	lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
	lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
	lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
	lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify-high.c, lib/x509/verify-high.h,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
	lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
	libdane/errors.c, libdane/includes/gnutls/dane.h,
	src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
	src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool-common.c, src/certtool-common.h,
	src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
	src/common.c, src/common.h, src/crywrap/crywrap.c,
	src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
	src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
	src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
	src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
	src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
	src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
	tests/certder.c, tests/certificate_set_x509_crl.c,
	tests/certuniqueid.c, tests/chainverify-unsorted.c,
	tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
	tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
	tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
	tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
	tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
	tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
	tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
	tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
	tests/mini-overhead.c, tests/mini-record-2.c,
	tests/mini-record-range.c, tests/mini-record.c,
	tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
	tests/mini-termination.c, tests/mini-x509-2.c,
	tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
	tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
	tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
	tests/openpgp-auth2.c, tests/openpgp-keyring.c,
	tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
	tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
	tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
	tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
	tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
	tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
	tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
	tests/suite/ecore/src/include/Eina.h,
	tests/suite/ecore/src/include/eina_accessor.h,
	tests/suite/ecore/src/include/eina_array.h,
	tests/suite/ecore/src/include/eina_benchmark.h,
	tests/suite/ecore/src/include/eina_binshare.h,
	tests/suite/ecore/src/include/eina_config.h,
	tests/suite/ecore/src/include/eina_convert.h,
	tests/suite/ecore/src/include/eina_counter.h,
	tests/suite/ecore/src/include/eina_cpu.h,
	tests/suite/ecore/src/include/eina_error.h,
	tests/suite/ecore/src/include/eina_file.h,
	tests/suite/ecore/src/include/eina_fp.h,
	tests/suite/ecore/src/include/eina_hamster.h,
	tests/suite/ecore/src/include/eina_hash.h,
	tests/suite/ecore/src/include/eina_inlist.h,
	tests/suite/ecore/src/include/eina_iterator.h,
	tests/suite/ecore/src/include/eina_lalloc.h,
	tests/suite/ecore/src/include/eina_list.h,
	tests/suite/ecore/src/include/eina_log.h,
	tests/suite/ecore/src/include/eina_magic.h,
	tests/suite/ecore/src/include/eina_main.h,
	tests/suite/ecore/src/include/eina_matrixsparse.h,
	tests/suite/ecore/src/include/eina_mempool.h,
	tests/suite/ecore/src/include/eina_module.h,
	tests/suite/ecore/src/include/eina_quadtree.h,
	tests/suite/ecore/src/include/eina_rbtree.h,
	tests/suite/ecore/src/include/eina_rectangle.h,
	tests/suite/ecore/src/include/eina_safety_checks.h,
	tests/suite/ecore/src/include/eina_sched.h,
	tests/suite/ecore/src/include/eina_str.h,
	tests/suite/ecore/src/include/eina_strbuf.h,
	tests/suite/ecore/src/include/eina_stringshare.h,
	tests/suite/ecore/src/include/eina_tiler.h,
	tests/suite/ecore/src/include/eina_trash.h,
	tests/suite/ecore/src/include/eina_types.h,
	tests/suite/ecore/src/include/eina_unicode.h,
	tests/suite/ecore/src/include/eina_ustrbuf.h,
	tests/suite/ecore/src/include/eina_ustringshare.h,
	tests/suite/ecore/src/lib/Ecore.h,
	tests/suite/ecore/src/lib/Ecore_Getopt.h,
	tests/suite/ecore/src/lib/ecore.c,
	tests/suite/ecore/src/lib/ecore_anim.c,
	tests/suite/ecore/src/lib/ecore_app.c,
	tests/suite/ecore/src/lib/ecore_events.c,
	tests/suite/ecore/src/lib/ecore_exe.c,
	tests/suite/ecore/src/lib/ecore_getopt.c,
	tests/suite/ecore/src/lib/ecore_glib.c,
	tests/suite/ecore/src/lib/ecore_idle_enterer.c,
	tests/suite/ecore/src/lib/ecore_idle_exiter.c,
	tests/suite/ecore/src/lib/ecore_idler.c,
	tests/suite/ecore/src/lib/ecore_job.c,
	tests/suite/ecore/src/lib/ecore_main.c,
	tests/suite/ecore/src/lib/ecore_pipe.c,
	tests/suite/ecore/src/lib/ecore_poll.c,
	tests/suite/ecore/src/lib/ecore_private.h,
	tests/suite/ecore/src/lib/ecore_signal.c,
	tests/suite/ecore/src/lib/ecore_thread.c,
	tests/suite/ecore/src/lib/ecore_time.c,
	tests/suite/ecore/src/lib/ecore_timer.c,
	tests/suite/ecore/src/lib/eina_accessor.c,
	tests/suite/ecore/src/lib/eina_array.c,
	tests/suite/ecore/src/lib/eina_benchmark.c,
	tests/suite/ecore/src/lib/eina_binshare.c,
	tests/suite/ecore/src/lib/eina_chained_mempool.c,
	tests/suite/ecore/src/lib/eina_convert.c,
	tests/suite/ecore/src/lib/eina_counter.c,
	tests/suite/ecore/src/lib/eina_cpu.c,
	tests/suite/ecore/src/lib/eina_error.c,
	tests/suite/ecore/src/lib/eina_file.c,
	tests/suite/ecore/src/lib/eina_fp.c,
	tests/suite/ecore/src/lib/eina_hamster.c,
	tests/suite/ecore/src/lib/eina_hash.c,
	tests/suite/ecore/src/lib/eina_inlist.c,
	tests/suite/ecore/src/lib/eina_iterator.c,
	tests/suite/ecore/src/lib/eina_lalloc.c,
	tests/suite/ecore/src/lib/eina_list.c,
	tests/suite/ecore/src/lib/eina_log.c,
	tests/suite/ecore/src/lib/eina_magic.c,
	tests/suite/ecore/src/lib/eina_main.c,
	tests/suite/ecore/src/lib/eina_matrixsparse.c,
	tests/suite/ecore/src/lib/eina_mempool.c,
	tests/suite/ecore/src/lib/eina_module.c,
	tests/suite/ecore/src/lib/eina_private.h,
	tests/suite/ecore/src/lib/eina_quadtree.c,
	tests/suite/ecore/src/lib/eina_rbtree.c,
	tests/suite/ecore/src/lib/eina_rectangle.c,
	tests/suite/ecore/src/lib/eina_safety_checks.c,
	tests/suite/ecore/src/lib/eina_sched.c,
	tests/suite/ecore/src/lib/eina_share_common.c,
	tests/suite/ecore/src/lib/eina_share_common.h,
	tests/suite/ecore/src/lib/eina_str.c,
	tests/suite/ecore/src/lib/eina_strbuf.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.h,
	tests/suite/ecore/src/lib/eina_stringshare.c,
	tests/suite/ecore/src/lib/eina_tiler.c,
	tests/suite/ecore/src/lib/eina_unicode.c,
	tests/suite/ecore/src/lib/eina_ustrbuf.c,
	tests/suite/ecore/src/lib/eina_ustringshare.c,
	tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
	tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
	tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: 
	reindented code

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: doc update

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
	gnutls_x509_privkey_generate() allow specifying an explicit curve.

2013-11-07  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: enable --outder for certtool
	--dh-info "certool --dh-info --outder" produces PEM-encoded output without
	this patch.

2013-11-07  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/certtool-args.def, src/certtool-common.c: enable --inder for
	certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters
	without this patch.

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/tpmtool.1: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: use srcdir as prefix

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed unneeded command

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: print the flags used for libopts

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: delete libopts generated files if system libopts is
	being used

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h: 
	separated the TLS IV size and the cipher IV size.

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/libopts/Makefile.am: fixes in libopts
	compilation

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: make sure that .def files will be re-read on the
	compiling system.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
	src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
	src/libopts/compat/strchr.c, src/libopts/configfile.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
	src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
	5.18.2

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: better logging

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
	parsing.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: removed debugging info

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: do not set any default level

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Assign very weak level to priority string
	NONE only.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore auto-generated files

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
	src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
	src/libopts/option-value-type.c, src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
	src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
	src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
	src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
	src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
	src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
	src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
	src/tpmtool-args.h: removed autogenerated files

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: If autogen and libopts are present
	then use the system's libopts.

2013-11-04  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/args-std.def, src/certtool-args.def, src/cli-args.def,
	src/danetool-args.def, src/psk-args.def, src/srptool-args.def: 
	argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered
	documentation places two dots (for example "specify a password
	file.." in srptool(1)).  Most of the descriptions are declared properly (without a trailing
	dot), but this patch should clean up the rest.  After this commit, any auto-generated documentation that is
	committed to git will probably will also need to be refreshed (or
	removed from git entirely and generated from the definitions during
	build, which might be cleaner).

2013-11-01  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/tests.c: fix DHE parameter output for gnutls-cli-debug
	--verbose gnutls_handshake() was failing during test_dhe_group, with an error
	of GNUTLS_E_NO_PRIORITIES_WERE_SET.  Adding this call fixes the
	handshake so that DHE group details can be printed when requested.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c, tests/mini-deflate.c,
	tests/mini-eagain-dtls.c, tests/mini-eagain.c,
	tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
	tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
	server side.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
	a warning as it is the same as not setting it. Reported by Daniel
	Kahn Gillmor.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Do not print private key parameters when exporting
	an encrypted private key.

2013-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.

2013-05-21  Stef Walter <stefw@redhat.com>

	* configure.ac, lib/pkcs11.c: [PATCH] Update to us
...