summaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS10247
1 files changed, 10247 insertions, 0 deletions
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..9be7ab4
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,10247 @@
+GnuTLS NEWS -- History of user-visible changes. -*- outline -*-
+Bug numbers referenced in this log correspond to bug numbers at our issue tracker,
+available at https://gitlab.com/gnutls/gnutls/issues
+Copyright (C) 2000-2016 Free Software Foundation, Inc.
+Copyright (C) 2013-2019 Nikos Mavrogiannopoulos
+See the end for copying conditions.
+
+* Version 3.7.9 (released 2023-02-09)
+
+** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
+ Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
+ [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 3.7.8 (released 2022-09-27)
+
+** libgnutls: In FIPS140 mode, RSA signature verification is an approved
+ operation if the key has modulus with known sizes (1024, 1280,
+ 1536, and 1792 bits), in addition to any modulus sizes larger than
+ 2048 bits, according to SP800-131A rev2.
+
+** libgnutls: gnutls_session_channel_binding performs additional checks when
+ GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
+ "tls-exporter" channel binding is only usable when the handshake is
+ bound to a unique master secret (i.e., either TLS 1.3 or extended
+ master secret extension is negotiated). Otherwise the function now
+ returns error.
+
+** libgnutls: usage of the following functions, which are designed to
+ loosen restrictions imposed by allowlisting mode of configuration,
+ has been additionally restricted. Invoking them is now only allowed
+ if system-wide TLS priority string has not been initialized yet:
+gnutls_digest_set_secure
+gnutls_sign_set_secure
+gnutls_sign_set_secure_for_certs
+gnutls_protocol_set_enabled
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 3.7.7 (released 2022-07-28)
+
+** libgnutls: Fixed double free during verification of pkcs7 signatures.
+ Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
+ [CVE-2022-2509]
+
+** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or
+ equal to 255 times hash digest size, to comply with RFC 5869 2.3.
+
+** libgnutls: Length limit for TLS PSK usernames has been increased
+ from 128 to 65535 characters (#1323).
+
+** libgnutls: AES-GCM encryption function now limits plaintext
+ length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
+
+** libgnutls: New block cipher functions have been added to transparently
+ handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be
+ used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically
+ add/remove padding if the length of the original plaintext is not a multiple
+ of the block size.
+
+** libgnutls: New function for manual FIPS self-testing.
+
+** API and ABI modifications:
+gnutls_fips140_run_self_tests: New function
+gnutls_cipher_encrypt3: New function
+gnutls_cipher_decrypt3: New function
+gnutls_cipher_padding_flags_t: New enum
+
+** guile: Guile 1.8 is no longer supported
+
+** guile: Session record port treats premature termination as EOF
+ Previously, a ‘gnutls-error’ exception with the
+ ‘error/premature-termination’ value would be thrown while reading from a
+ session record port when the underlying session was terminated
+ prematurely. This was inconvenient since users of the port may not be
+ prepared to handle such an exception.
+ Reading from the session record port now returns the end-of-file object
+ instead of throwing an exception, just like it would for a proper
+ session termination.
+
+** guile: Session record ports can have a ‘close’ procedure.
+ The ‘session-record-port’ procedure now takes an optional second
+ parameter, and a new ‘set-session-record-port-close!’ procedure is
+ provided to specify a ‘close’ procedure for a session record port.
+ This ‘close’ procedure lets users specify cleanup operations for when
+ the port is closed, such as closing the file descriptor or port that
+ backs the underlying session.
+
+* Version 3.7.6 (released 2022-05-27)
+
+** libgnutls: Fixed invalid write when gnutls_realloc_zero()
+ is called with new_size < old_size. This bug caused heap
+ corruption when gnutls_realloc_zero() has been set as gmp
+ reallocfunc (!1592, #1367, #1368, #1369).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 3.7.5 (released 2022-05-15)
+
+** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority
+ modifier have been added to disable session ticket usage in TLS 1.2 because
+ it does not provide forward secrecy (#477). On the other hand, since session
+ tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now
+ only disables session tickets in TLS 1.2. Future backward incompatibility:
+ in the next major release of GnuTLS, we plan to remove those flag and
+ modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
+
+** gnutls-cli, gnutls-serv: Channel binding for printing information
+ has been changed from tls-unique to tls-exporter as tls-unique is
+ not supported in TLS 1.3.
+
+** libgnutls: Certificate sanity checks has been enhanced to make
+ gnutls more RFC 5280 compliant (!1583).
+ Following changes were included:
+ - critical extensions are parsed when loading x509
+ certificate to prohibit any random octet strings.
+ Requires strict-x509 configure option to be enabled
+ - garbage bits in Key Usage extension are prohibited
+ - empty DirectoryStrings in Distinguished name structures
+ of Issuer and Subject name are prohibited
+
+** libgnutls: Removed 3DES from FIPS approved algorithms (#1353).
+ According to the section 2 of SP800-131A Rev.2, 3DES algorithm
+ will be disallowed for encryption after December 31, 2023:
+ https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
+
+** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312).
+ The existing AEAD API that works in a scatter-gather fashion
+ (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC.
+ For further optimization, new function (gnutls_aead_cipher_set_key) has been
+ added to set key on the existing AEAD handle without re-allocation.
+
+** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode
+ when used in TLS (#1311).
+
+** The configure arguments for Brotli and Zstandard (zstd) support
+ have changed to reflect the previous help text: they are now
+ --with-brotli/--with-zstd respectively (#1342).
+
+** Detecting the Zstandard (zstd) library in configure has been
+ fixed (#1343).
+
+** API and ABI modifications:
+GNUTLS_NO_TICKETS_TLS12: New flag
+gnutls_aead_cipher_set_key: New function
+
+* Version 3.7.4 (released 2022-03-17)
+
+** libgnutls: Added support for certificate compression as defined in RFC8879
+ (#1301). New API functions (gnutls_compress_certificate_get_selected_method
+ and gnutls_compress_certificate_set_methods) allow client and server to set
+ their preferences.
+
+** certtool: Added option --compress-cert that allows user to specify
+ compression methods for certificate compression.
+
+** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure
+ option to enforce stricter certificate sanity checks that are compliant with
+ RFC5280.
+
+** libgnutls: Removed IA5String type from DirectoryString within issuer
+ and subject name to make DirectoryString RFC5280 compliant.
+
+** libgnutls: Added function (gnutls_record_send_file) to send file content from
+ open file descriptor (!1486). The implementation is optimized if KTLS (kernel
+ TLS) is enabled.
+
+** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of
+ current ciphersuite from TLS session (#1291).
+
+** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using
+ dlopen, so GnuTLS does not indirectly link to other crypto libraries until
+ TPM2 functionality is utilized (!1544).
+
+** API and ABI modifications:
+GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
+GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
+gnutls_compress_certificate_get_selected_method: Added
+gnutls_compress_certificate_set_methods: Added
+gnutls_ciphersuite_get: New function
+gnutls_record_send_file: New function
+libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1
+
+* Version 3.7.3 (released 2022-01-17)
+
+** libgnutls: The allowlisting configuration mode has been added to the system-wide
+ settings. In this mode, all the algorithms are initially marked as insecure
+ or disabled, while the applications can re-enable them either through the
+ [overrides] section of the configuration file or the new API (#1172).
+
+** The build infrastructure no longer depends on GNU AutoGen for generating
+ command-line option handling, template file parsing in certtool, and
+ documentation generation (#773, #774). This change also removes run-time or
+ bundled dependency on the libopts library, and requires Python 3.6 or later
+ to regenerate the distribution tarball.
+
+ Note that this brings in known backward incompatibility in command-line
+ tools, such as long options are now case sensitive, while previously they
+ were treated in a case insensitive manner: for example --RSA is no longer a
+ valid option of certtool. The existing scripts using GnuTLS tools may need
+ adjustment for this change.
+
+** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and
+ used as a gnutls_privkey_t (#594). The code was originally written for the
+ OpenConnect VPN project by David Woodhouse. To generate such blobs, use the
+ tpm2tss-genkey tool from tpm2-tss-engine:
+ https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
+ or the tpm2_encodeobject tool from unreleased tpm2-tools.
+
+** libgnutls: The library now transparently enables Linux KTLS
+ (kernel TLS) when the feature is compiled in with --enable-ktls configuration
+ option (#1113). If the KTLS initialization fails it automatically falls back
+ to the user space implementation.
+
+** certtool: The certtool command can now read the Certificate Transparency
+ (RFC 6962) SCT extension (#232). New API functions are also provided to
+ access and manipulate the extension values.
+
+** certtool: The certtool command can now generate, manipulate, and evaluate
+ x25519 and x448 public keys, private keys, and certificates.
+
+** libgnutls: Disabling a hashing algorithm through "insecure-hash"
+ configuration directive now also disables TLS ciphersuites that use it as a
+ PRF algorithm.
+
+** libgnutls: PKCS#12 files are now created with modern algorithms by default
+ (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
+ HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
+ PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
+ default PBKDF2 iteration count has been increased to 600000.
+
+** libgnutls: PKCS#12 keys derived using GOST algorithm now uses
+ HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to
+ conform with the latest TC-26 requirements (#1225).
+
+** libgnutls: The library now provides a means to report the status of approved
+ cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this
+ complements the existing mechanism to prohibit the use of unapproved
+ algorithms by making the library unusable state.
+
+** gnutls-cli: The gnutls-cli command now provides a --list-config option to
+ print the library configuration (!1508).
+
+** libgnutls: Fixed possible race condition in
+ gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared
+ among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low]
+
+** API and ABI modifications:
+GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
+GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
+gnutls_ecc_curve_set_enabled: Added.
+gnutls_sign_set_secure: Added.
+gnutls_sign_set_secure_for_certs: Added.
+gnutls_digest_set_secure: Added.
+gnutls_protocol_set_enabled: Added.
+gnutls_fips140_context_init: New function
+gnutls_fips140_context_deinit: New function
+gnutls_fips140_push_context: New function
+gnutls_fips140_pop_context: New function
+gnutls_fips140_get_operation_state: New function
+gnutls_fips140_operation_state_t: New enum
+gnutls_transport_is_ktls_enabled: New function
+gnutls_get_library_configuration: New function
+
+* Version 3.7.2 (released 2021-05-29)
+
+** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added
+ to disable TLS 1.3 middlebox compatibility mode
+
+** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
+ This can be enabled with --enable-afalg configure option, when libkcapi
+ package is installed (#308).
+
+** libgnutls: Fixed timing of early data exchange. Previously, the client was
+ sending early data after receiving Server Hello, which not only negates the
+ benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
+ same ciphersuite is selected in initial and resumption handshake) (#1146).
+
+** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
+ copied from the signing CA by default (#1126).
+
+** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
+ GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now
+ deprecated and will be removed in the future releases.
+
+** certtool: When producing certificates and certificate requests, subject DN
+ components that are provided individually will now be ordered by
+ assumed scale (e.g. Country before State, Organization before
+ OrganizationalUnit). This change also affects the order in which
+ certtool prompts interactively. Please rely on the template
+ mechanism for automated use of certtool! (#1243)
+
+** API and ABI modifications:
+gnutls_early_cipher_get: Added
+gnutls_early_prf_hash_get: Added
+
+** guile: Writes to a session record port no longer throw an exception upon
+ GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
+
+* Version 3.7.1 (released 2021-03-10)
+
+** libgnutls: Fixed potential use-after-free in sending "key_share"
+ and "pre_shared_key" extensions. When sending those extensions, the
+ client may dereference a pointer no longer valid after
+ realloc. This happens only when the client sends a large Client
+ Hello message, e.g., when HRR is sent in a resumed session
+ previously negotiated large FFDHE parameters, because the initial
+ allocation of the buffer is large enough without having to call
+ realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
+
+** libgnutls: Fixed a regression in handling duplicated certs in a
+ chain (#1131).
+
+** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox
+ compatibiltiy mode. In that mode the client shall always send a
+ non-zero session ID to make the handshake resemble the TLS 1.2
+ resumption; this was not true in the previous versions (#1074).
+
+** libgnutls: W32 performance improvement with a new sendmsg()-like
+ transport implementation (!1377).
+
+** libgnutls: Removed dependency on the external 'fipscheck' package,
+ when compiled with --enable-fips140-mode (#1101).
+
+** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 3.7.0 (released 2020-12-02)
+
+** libgnutls: Depend on nettle 3.6 (!1322).
+
+** libgnutls: Added a new API that provides a callback function to
+ retrieve missing certificates from incomplete certificate chains
+ (#202, #968, #1100).
+
+** libgnutls: Added a new API that provides a callback function to
+ output the complete path to the trusted root during certificate
+ chain verification (#1012).
+
+** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the
+ terminating null bytes, while the data field is null terminated.
+ The affected API functions are: gnutls_ocsp_req_get_extension,
+ gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
+ (#805).
+
+** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849,
+ #850).
+
+** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are
+ now no-op (#790).
+
+** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).
+
+** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin
+ CPU (#1079).
+
+** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31
+ bytes to 255 bytes (#932).
+
+** API and ABI modifications:
+gnutls_x509_trust_list_set_getissuer_function: Added
+gnutls_x509_trust_list_get_ptr: Added
+gnutls_x509_trust_list_set_ptr: Added
+gnutls_session_set_verify_output_function: Added
+gnutls_record_encryption_level_t: New enum
+gnutls_handshake_read_func: New callback type
+gnutls_handshake_set_read_function: New function
+gnutls_handshake_write: New function
+gnutls_handshake_secret_func: New callback type
+gnutls_handshake_set_secret_function: New function
+gnutls_alert_read_func: New callback type
+gnutls_alert_set_read_function: New function
+gnutls_crypto_register_cipher: Deprecated; no-op
+gnutls_crypto_register_aead_cipher: Deprecated; no-op
+gnutls_crypto_register_mac: Deprecated; no-op
+gnutls_crypto_register_digest: Deprecated; no-op
+
+* Version 3.6.15 (releases 2020-09-04)
+
+** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
+ The server sending a "no_renegotiation" alert in an unexpected timing,
+ followed by an invalid second handshake was able to cause a TLS 1.3 client to
+ crash via a null-pointer dereference. The crash happens in the application's
+ error handling path, where the gnutls_deinit function is called after
+ detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium]
+
+** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
+ indicates that with a false return value (!1306).
+
+** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
+ accordingly to SP800-56A rev 3 (!1295, !1299).
+
+** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
+ the size of the internal base64 blob (#1025). The new behavior aligns to the
+ existing documentation.
+
+** libgnutls: Certificate verification failue due to OCSP must-stapling is not
+ honered is now correctly marked with the GNUTLS_CERT_INVALID flag
+ (!1317). The new behavior aligns to the existing documentation.
+
+** libgnutls: The audit log message for weak hashes is no longer printed twice
+ (!1301).
+
+** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
+ disabled in the priority string. Previously, even when TLS 1.2 is explicitly
+ disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
+ enabled (#1054).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 3.6.14 (released 2020-06-03)
+
+** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
+ The TLS server would not bind the session ticket encryption key with a
+ value supplied by the application until the initial key rotation, allowing
+ attacker to bypass authentication in TLS 1.3 and recover previous
+ conversations in TLS 1.2 (#1011).
+ [GNUTLS-SA-2020-06-03, CVSS: high]
+
+** libgnutls: Fixed handling of certificate chain with cross-signed
+ intermediate CA certificates (#1008).
+
+** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
+
+** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
+ (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
+ Key Identifier (AKI) properly (#989, #991).
+
+** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
+
+** libgnutls: Added several improvements on Windows Vista and later releases
+ (!1257, !1254, !1256). Most notably the system random number generator now
+ uses Windows BCrypt* API if available (!1255).
+
+** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
+ Also both accelerated and non-accelerated implementations check key block
+ according to FIPS-140-2 IG A.9 (!1233).
+
+** libgnutls: Added support for AES-SIV ciphers (#463).
+
+** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
+
+** libgnutls: No longer use internal symbols exported from Nettle (!1235)
+
+** API and ABI modifications:
+GNUTLS_CIPHER_AES_128_SIV: Added
+GNUTLS_CIPHER_AES_256_SIV: Added
+GNUTLS_CIPHER_AES_192_GCM: Added
+GNUTLS_NO_AUTO_SEND_TICKET: Added
+gnutls_ext_get_name2: Added
+gnutls_pkcs7_print_signature_info: Added
+
+* Version 3.6.13 (released 2020-03-31)
+
+** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
+ The DTLS client would not contribute any randomness to the DTLS negotiation,
+ breaking the security guarantees of the DTLS protocol (#960)
+ [GNUTLS-SA-2020-03-31, CVSS: high]
+
+** libgnutls: Added new APIs to access KDF algorithms (#813).
+
+** libgnutls: Added new callback gnutls_keylog_func that enables a custom
+ logging functionality.
+
+** libgnutls: Added support for non-null terminated usernames in PSK
+ negotiation (#586).
+
+** gnutls-cli-debug: Improved support for old servers that only support
+ SSL 3.0.
+
+** API and ABI modifications:
+gnutls_hkdf_extract: Added
+gnutls_hkdf_expand: Added
+gnutls_pbkdf2: Added
+gnutls_session_get_keylog_function: Added
+gnutls_session_set_keylog_function: Added
+gnutls_prf_hash_get: Added
+gnutls_psk_server_get_username2: Added
+gnutls_psk_set_client_credentials2: Added
+gnutls_psk_set_client_credentials_function2: Added
+gnutls_psk_set_server_credentials_function2: Added
+
+
+* Version 3.6.12 (released 2020-02-01)
+
+** libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
+ to identify sessions that client request OCSP status request (#829).
+
+** libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
+ signature algorithm (RFC 8032) under TLS (#86).
+
+** libgnutls: Added the default-priority-string option to system configuration;
+ it allows overriding the compiled-in default-priority-string.
+
+** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
+ draft-smyshlyaev-tls12-gost-suites-07).
+ By default this ciphersuite is disabled. It can be enabled by adding
+ +GOST to priority string. In the future this priority string may enable
+ other GOST ciphersuites as well. Note, that server will fail to negotiate
+ GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
+ is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
+ are enabled on GnuTLS-based servers.
+
+** libgnutls: added priority shortcuts for different GOST categories like
+ CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
+
+** libgnutls: Reject certificates with invalid time fields. That is we reject
+ certificates with invalid characters in Time fields, or invalid time formatting
+ To continue accepting the invalid form compile with --disable-strict-der-time
+ (#207, #870).
+
+** libgnutls: Reject certificates which contain duplicate extensions. We were
+ previously printing warnings when printing such a certificate, but that is
+ not always sufficient to flag such certificates as invalid. Instead we now
+ refuse to import them (#887).
+
+** libgnutls: If a CA is found in the trusted list, check in addition to
+ time validity, whether the algorithms comply to the expected level prior
+ to accepting it. This addresses the problem of accepting CAs which would
+ have been marked as insecure otherwise (#877).
+
+** libgnutls: The min-verification-profile from system configuration applies
+ for all certificate verifications, not only under TLS. The configuration can
+ be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
+
+** libgnutls: The stapled OCSP certificate verification adheres to the convention
+ used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
+
+** libgnutls: On client side only send OCSP staples if they have been requested
+ by the server, and on server side always advertise that we support OCSP stapling
+ (#876).
+
+** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
+ with gnutls_ocsp_req_t but const.
+
+** certtool: Added the --verify-profile option to set a certificate
+ verification profile. Use '--verify-profile low' for certificate verification
+ to apply the 'NORMAL' verification profile.
+
+** certtool: The add_extension template option is considered even when generating
+ a certificate from a certificate request.
+
+** API and ABI modifications:
+GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added
+GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added
+gnutls_ocsp_req_const_t: Added
+
+
+* Version 3.6.11 (released 2019-12-01)
+
+** libgnutls: Use KERN_ARND for the system random number generator on NetBSD.
+ This syscall provides an endless stream of random numbers from the kernel's
+ ChaCha20-based random number generator, without blocking or requiring an open file
+ descriptor.
+
+** libgnutls: Corrected issue with TLS 1.2 session ticket handling as client
+ during resumption (#841).
+
+** libgnutls: gnutls_base64_decode2() succeeds decoding the empty string to
+ the empty string. This is a behavioral change of the API but it conforms
+ to the RFC4648 expectations (#834).
+
+** libgnutls: Fixed AES-CFB8 implementation, when input is shorter than
+ the block size. Fix backported from nettle.
+
+** certtool: CRL distribution points will be set in CA certificates even when
+ non self-signed (#765).
+
+** gnutls-cli/serv: added raw public-key handling capabilities (RFC7250).
+ Key material can be set via the --rawpkkeyfile and --rawpkfile flags.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.6.10 (released 2019-09-29)
+
+** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979)
+ Deterministic signing can be enabled by setting
+ GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*()
+ functions (#94).
+
+** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2
+ functions that will perform in-place encryption/decryption on data buffers (#718).
+
+** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under
+ TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function()
+ (#823).
+
+** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
+ issue with large record handling due to random padding (#811).
+
+** libgnutls: the server now selects the highest TLS protocol version,
+ if TLS 1.3 is enabled and the client advertises an older protocol version first (#837).
+
+** libgnutls: fix non-PIC assembly on i386 (#818).
+
+** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode
+ and MAC generation based on GOST 28147-89 (IMIT). For description of the
+ modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in
+ RFC 7836.
+
+** certtool: when outputting an encrypted private key do not insert the textual description
+ of it. This fixes a regression since 3.6.5 (#840).
+
+** API and ABI modifications:
+gnutls_aead_cipher_encryptv2: Added
+gnutls_aead_cipher_decryptv2: Added
+GNUTLS_CIPHER_GOST28147_TC26Z_CNT: Added
+GNUTLS_MAC_GOST28147_TC26Z_IMIT: Added
+
+* Version 3.6.9 (released 2019-07-25)
+
+** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy
+ of digest or MAC context. Copying contexts for externally-registered digest and MAC
+ contexts is unupported (#787).
+
+** Marked the crypto implementation override APIs as deprecated. These APIs are rarely
+ used, are for a niche use case, but have significant side effects, such as preventing
+ any internal re-organization and extension of the internal cipher API. The APIs remain
+ functional though a compiler warning will be issued, and a future minor version update
+ may transform them to a no-op while keeping ABI compatibility (#789).
+
+** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781).
+
+** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
+ flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash().
+
+** libgnutls: Added support for Generalname registeredID.
+
+** The priority configuration was enhanced to allow more elaborate
+ system-wide configuration of the library (#587).
+ The following changes were included:
+ - The file is read as an ini file with '#' indicating a comment.
+ - The section "[priorities]" or global follows the existing semantics of
+ the configuration file, and allows to specify system-wide priority strings
+ which are accessed with the '@' prefix.
+ - The section "[overrides]" is added with the parameters "insecure-hash",
+ "insecure-sig", "insecure-sig-for-cert", "disabled-curve",
+ "disabled-version", "min-verification-profile", "tls-disabled-cipher",
+ "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit
+ specific algorithms or options globally. Existing algorithms in the
+ library can be marked as disabled and insecure, but no hard-coded
+ insecure algorithm can be marked as secure (so that the configuration
+ cannot be abused to make the system vulnerable).
+ - Unknown sections or options are skipped with a debug message, unless
+ the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is
+ set to 1.
+
+** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE
+ - 0x20: Enable SHA_NI instruction set
+
+** API and ABI modifications:
+gnutls_crypto_register_cipher: Deprecated
+gnutls_crypto_register_aead_cipher: Deprecated
+gnutls_crypto_register_digest: Deprecated
+gnutls_crypto_register_mac: Deprecated
+gnutls_get_system_config_file: Added
+gnutls_hash_copy: Added
+gnutls_hmac_copy: Added
+GNUTLS_MAC_AES_GMAC_128: Added
+GNUTLS_MAC_AES_GMAC_192: Added
+GNUTLS_MAC_AES_CMAC_256: Added
+GNUTLS_SAN_REGISTERED_ID: Added
+
+
+* Version 3.6.8 (released 2019-05-28)
+
+** libgnutls: Added gnutls_prf_early() function to retrieve early keying
+ material (#329)
+
+** libgnutls: Added support for AES-XTS cipher (#354)
+
+** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in
+ 512 bit addition)
+
+** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's
+ public key is on the right subgroup (y^q=1 mod p), when q is available (under
+ TLS 1.3 and under earlier versions when RFC7919 parameters are used).
+
+** libgnutls: the gnutls_srp_set_server_credentials_function can now be used
+ with the 8192 parameters as well (#995).
+
+** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and
+ gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754)
+
+** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow
+ clients to communicate with the server advertising smaller limits than 512
+
+** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent
+ hostname/domain crafting via IDNA conversion (#720)
+
+** certtool: allow the digital signature key usage flag in CA certificates.
+ Previously certtool would ignore this flag for CA certificates even if
+ specified (#767)
+
+** gnutls-cli/serv: added the --keymatexport and --keymatexportsize options.
+ These allow testing the RFC5705 using these tools.
+
+** API and ABI modifications:
+gnutls_prf_early: Added
+gnutls_record_set_max_recv_size: Added
+gnutls_dh_params_import_raw3: Added
+gnutls_ffdhe_2048_group_q: Added
+gnutls_ffdhe_3072_group_q: Added
+gnutls_ffdhe_4096_group_q: Added
+gnutls_ffdhe_6144_group_q: Added
+gnutls_ffdhe_8192_group_q: Added
+
+
+* Version 3.6.7 (released 2019-03-27)
+
+** libgnutls, gnutls tools: Every gnutls_free() will automatically set
+ the free'd pointer to NULL. This prevents possible use-after-free and
+ double free issues. Use-after-free will be turned into NULL dereference.
+ The counter-measure does not extend to applications using gnutls_free().
+
+** libgnutls: Fixed a memory corruption (double free) vulnerability in the
+ certificate verification API. Reported by Tavis Ormandy; addressed with
+ the change above. [GNUTLS-SA-2019-03-27, #694]
+
+** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
+ Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704]
+
+** libgnutls: enforce key usage limitations on certificates more actively.
+ Previously we would enforce it for TLS1.2 protocol, now we enforce it
+ even when TLS1.3 is negotiated, or on client certificates as well. When
+ an inappropriate for TLS1.3 certificate is seen on the credentials structure
+ GnuTLS will disable TLS1.3 support for that session (#690).
+
+** libgnutls: the default number of tickets sent under TLS 1.3 was increased to
+ two. This makes it easier for clients which perform multiple connections
+ to the server to use the tickets sent by a default server.
+
+** libgnutls: enforce the equality of the two signature parameters fields in
+ a certificate. We were already enforcing the signature algorithm, but there
+ was a bug in parameter checking code.
+
+** libgnutls: fixed issue preventing sending and receiving from different
+ threads when false start was enabled (#713).
+
+** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
+ session, as non-writeable security officer sessions are undefined in PKCS#11
+ (#721).
+
+** libgnutls: no longer send downgrade sentinel in TLS 1.3.
+ Previously the sentinel value was embedded to early in version
+ negotiation and was sent even on TLS 1.3. It is now sent only when
+ TLS 1.2 or earlier is negotiated (#689).
+
+** gnutls-cli: Added option --logfile to redirect informational messages output.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.6.6 (released 2019-01-25)
+
+** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
+ on the public key (#640).
+
+** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
+ Raw public-keys can be negotiated by enabling the corresponding certificate
+ types via the priority strings. The raw public-key mechanism must be explicitly
+ enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
+
+** libgnutls: When on server or client side we are sending no extensions we do
+ not set an empty extensions field but we rather remove that field competely.
+ This solves a regression since 3.5.x and improves compatibility of the server
+ side with certain clients.
+
+** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
+ the CKA_SIGN is not set (#667).
+
+** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
+ disable extensions at all cases, while providing a functional session. This
+ also implies that when specified, TLS1.3 is disabled.
+
+** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
+ The previous definition was non-functional (#609).
+
+** API and ABI modifications:
+GNUTLS_ENABLE_RAWPK: Added
+GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
+GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
+GNUTLS_PCERT_NO_CERT: Deprecated
+
+
+* Version 3.6.5 (released 2018-12-01)
+
+** libgnutls: Provide the option of transparent re-handshake/reauthentication
+ when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
+
+** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
+
+** libgnutls: The priority functions will ignore and not enable TLS1.3 if
+ requested with legacy TLS versions enabled but not TLS1.2. That is because
+ if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
+ servers which do not support TLS1.3 will negotiate TLS1.2 which will be
+ rejected by the client as disabled (#621).
+
+** libgnutls: Change RSA decryption to use a new side-channel silent function.
+ This addresses a security issue where memory access patterns as well as timing
+ on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
+ attacks. Side-channel resistant code is slower due to the need to mask
+ access and timings. When used in TLS the new functions cause RSA based
+ handshakes to be between 13% and 28% slower on average (Numbers are indicative,
+ the tests where performed on a relatively modern Intel CPU, results vary
+ depending on the CPU and architecture used). This change makes nettle 3.4.1
+ the minimum requirement of gnutls (#630). [CVSS: medium]
+
+** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
+ in the priority string. It is only accepted as legacy option and is ignored.
+
+** libgnutls: Added support for EdDSA under PKCS#11 (#417)
+
+** libgnutls: Added support for AES-CFB8 cipher (#357)
+
+** libgnutls: Added support for AES-CMAC MAC (#351)
+
+** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
+ have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
+ S-BOXes). They are fixed now.
+
+** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
+ keys parsing, as specified in R 50.1.112-2016.
+
+** gnutls-serv: It applies the default settings when no --priority option is given,
+ using gnutls_set_default_priority().
+
+** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
+ option (#561)
+
+** certtool: Add parameter --no-text that prevents certtool from outputting
+ text before PEM-encoded private key, public key, certificate, CRL or CSR.
+
+** API and ABI modifications:
+GNUTLS_AUTO_REAUTH: Added
+GNUTLS_CIPHER_AES_128_CFB8: Added
+GNUTLS_CIPHER_AES_192_CFB8: Added
+GNUTLS_CIPHER_AES_256_CFB8: Added
+GNUTLS_MAC_AES_CMAC_128: Added
+GNUTLS_MAC_AES_CMAC_256: Added
+gnutls_record_get_max_early_data_size: Added
+gnutls_record_send_early_data: Added
+gnutls_record_recv_early_data: Added
+gnutls_db_check_entry_expire_time: Added
+gnutls_anti_replay_set_add_function: Added
+gnutls_anti_replay_init: Added
+gnutls_anti_replay_deinit: Added
+gnutls_anti_replay_set_window: Added
+gnutls_anti_replay_enable: Added
+gnutls_privkey_decrypt_data2: Added
+
+
+* Version 3.6.4 (released 2018-09-24)
+
+** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+
+** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
+ gnutls_certificate_set_retrieve_function() which could not handle the case where
+ no certificates were returned, or the callbacks were set to NULL (see #528).
+
+** libgnutls: gnutls_handshake() on server returns early on handshake when no
+ certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
+ is specified.
+
+** libgnutls: Added session ticket key rotation on server side with TOTP.
+ The key set with gnutls_session_ticket_enable_server() is used as a
+ master key to generate time-based keys for tickets. The rotation
+ relates to the gnutls_db_set_cache_expiration() period.
+
+** libgnutls: The 'record size limit' extension is added and preferred to the
+ 'max record size' extension when possible.
+
+** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
+ This addresses the problem where the CA certificate doesn't have a subject key
+ identifier whereas the end certificates have an authority key identifier (#569)
+
+** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
+ gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
+ and export GOST parameters in the "native" little endian format used for these
+ curves. This is an intentional incompatible change with 3.6.3.
+
+** libgnutls: Added support for seperately negotiating client and server certificate types
+ as defined in RFC7250. This mechanism must be explicitly enabled via the
+ GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
+
+** gnutls-cli: enable CRL validation on startup (#564)
+
+** API and ABI modifications:
+GNUTLS_ENABLE_EARLY_START: Added
+GNUTLS_ENABLE_CERT_TYPE_NEG: Added
+GNUTLS_TL_FAIL_ON_INVALID_CRL: Added
+GNUTLS_CERTIFICATE_VERIFY_CRLS: Added
+gnutls_ctype_target_t: New enumeration
+gnutls_record_set_max_early_data_size: Added
+gnutls_certificate_type_get2: Added
+gnutls_priority_certificate_type_list2: Added
+gnutls_ffdhe_6144_group_prime: Added
+gnutls_ffdhe_6144_group_generator: Added
+gnutls_ffdhe_6144_key_bits: Added
+
+
+* Version 3.6.3 (released 2018-07-16)
+
+** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version
+ negotiation, post handshake authentication, length hiding, multiple OCSP support,
+ consistent ciphersuite support across protocols, hello retry requests, ability
+ to adjust key shares via gnutls_init() flags, certificate authorities extension,
+ and key usage limits. TLS1.3 draft-28 support can be enabled by default if
+ the option --enable-tls13-support is given to configure script.
+
+** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or
+ earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings
+ TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority
+ strings, then TLS 1.3 negotiation will be disabled if the session is associated
+ only with an anonymous credentials structure.
+
+** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836.
+ This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12,
+ and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA
+ 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357),
+ and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836).
+
+** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers
+ as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
+ priority strings, as they are undefined under TLS1.3 and they provide no advantage
+ over other options in earlier protocols.
+
+** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled
+ by specifying --enable-ssl3-support on configure script.
+
+** libgnutls: Introduced function to switch the current FIPS140-2 operational
+ mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2
+ operations.
+
+** libgnutls: Introduced low-level function to assist applications attempting client
+ hello extension parsing, prior to GnuTLS' parsing of the message.
+
+** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no
+ modifications to the certificate. That prevents DER re-encoding issues with incorrectly
+ encoded certificates, or other DER incompatibilities to affect a TLS session.
+ Relates with #403
+
+** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups
+ which are preferred by the server. That unfortunately has complicated semantics
+ as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering,
+ which could make group order unpredictable if TLS1.3 is negotiated.
+
+** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
+ and Adi Shamir reported that the existing counter-measures had certain issues and
+ were insufficient when the attacker has additional access to the CPU cache and
+ performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]
+
+** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation
+ of legacy CBC ciphersuites unless encrypt-then-mac is negotiated.
+
+** libgnutls: gnutls_privkey_import_ext4() was enhanced with the
+ GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag.
+
+** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2,
+ gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default
+ unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
+ change for these functions which make them err towards safety.
+
+** libgnutls: improved aarch64 cpu features detection by using getauxval().
+
+** certtool: It is now possible to specify certificate and serial CRL numbers greater
+ than 2**63-2 as a hex-encoded string both when prompted and in a template file.
+ Default certificate serial numbers are now fully random. Default CRL
+ numbers include more random bits and are larger than in previous GnuTLS versions.
+ Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually
+ if you intend to later downgrade to previous versions as it was not possible
+ to specify large CRL numbers in previous versions of certtool.
+
+** API and ABI modifications:
+gnutls_fips140_set_mode: Added
+gnutls_session_key_update: Added
+gnutls_ext_get_current_msg: Added
+gnutls_reauth: Added
+gnutls_ocsp_status_request_get2: Added
+gnutls_ocsp_resp_import2: Added
+gnutls_ocsp_resp_export2: Added
+gnutls_ocsp_resp_list_import2: Added
+gnutls_certificate_set_retrieve_function3: Added
+gnutls_certificate_set_ocsp_status_request_file2: Added
+gnutls_certificate_set_ocsp_status_request_mem: Added
+gnutls_certificate_get_ocsp_expiration: Added
+gnutls_record_send2: Added
+gnutls_ext_raw_parse: Added
+gnutls_x509_crt_list_import_url: Added
+gnutls_pcert_list_import_x509_file: Added
+gnutls_pkcs11_token_get_ptr: Added
+gnutls_pkcs11_obj_get_ptr: Added
+gnutls_session_ticket_send: Added
+gnutls_aead_cipher_encryptv: Added
+gnutls_gost_paramset_get_name: Added
+gnutls_gost_paramset_get_oid: Added
+gnutls_oid_to_gost_paramset: Added
+gnutls_decode_gost_rs_value: Added
+gnutls_encode_gost_rs_value: Added
+gnutls_pubkey_export_gost_raw2: Added
+gnutls_pubkey_import_gost_raw: Added
+gnutls_x509_crt_get_pk_gost_raw: Added
+gnutls_privkey_export_gost_raw2: Added
+gnutls_privkey_import_gost_raw: Added
+gnutls_x509_privkey_export_gost_raw: Added
+gnutls_x509_privkey_import_gost_raw: Added
+gnutls_set_default_priority_append: Added
+gnutls_priority_init2: Added
+GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS: Added
+GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added
+
+
+* Version 3.6.2 (released 2018-02-16)
+
+** libgnutls: When verifying against a self signed certificate ignore issuer.
+ That is, ignore issuer when checking the issuer's parameters strength, resolving
+ issue #347 which caused self signed certificates to be additionally marked as of
+ insufficient security level.
+
+** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
+ MTU calculation now, it correctly accounts for the fixed overhead due to
+ padding (as 1 byte), while at the same time considers the rest of the
+ padding as part of data MTU.
+
+** libgnutls: Address issue of loading of all PKCS#11 modules on startup
+ on systems with a PKCS#11 trust store (as opposed to a file trust store).
+ Introduced a multi-stage initialization which loads the trust modules, and
+ other modules are deferred for the first pure PKCS#11 request.
+
+** libgnutls: The SRP authentication will reject any parameters outside
+ RFC5054. This protects any client from potential MitM due to insecure
+ parameters. That also brings SRP in par with the RFC7919 changes to
+ Diffie-Hellman.
+
+** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
+ for SRP authentication.
+
+** libgnutls: Addressed issue in the accelerated code affecting interoperability
+ with versions of nettle >= 3.4.
+
+** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
+
+** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
+ Vitezslav Cizek).
+
+** srptool: the --create-conf option no longer includes 1024-bit parameters.
+
+** p11tool: Fixed the deletion of objects in batch mode.
+
+** API and ABI modifications:
+gnutls_srp_8192_group_generator: Added
+gnutls_srp_8192_group_prime: Added
+
+
+* Version 3.6.1 (released 2017-10-21)
+
+** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was
+ used. Resolves gitlab issue #259.
+
+** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign,
+ gnutls_x509_crq_sign, were modified to sign with a better algorithm than
+ SHA1. They will now sign with an algorithm that corresponds to the security
+ level of the signer's key.
+
+** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
+ accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal
+ the function to auto-detect an appropriate hash algorithm to use.
+
+** libgnutls: Removed support for signature algorithms using SHA2-224 in TLS.
+ TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm
+ in TLS 1.2. As such, no reason to keep supporting it.
+
+** libgnutls: Refuse to use client certificates containing disallowed
+ algorithms for a session. That reverts a change on 3.5.5, which allowed
+ a client to use DSA-SHA1 due to his old DSA certificate, without requiring him
+ to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
+ The previous approach was to allow a smooth move for client infrastructure
+ after the DSA algorithm became disabled by default, and is no longer necessary
+ as DSA is now being universally depracated.
+
+** libgnutls: Refuse to resume a session which had a different SNI advertised. That
+ improves RFC6066 support in server side. Reported by Thomas Klute.
+
+** p11tool: Mark all generated objects as sensitive by default.
+
+** p11tool: added options --sign-params and --hash. This allows testing
+ signature with multiple algorithms, including RSA-PSS.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.6.0 (released 2017-08-21)
+
+** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and
+ fuzzying toolkit, allowing for corner case testing, and ensuring that the
+ behavior of the library will not change across releases.
+ https://github.com/tomato42/tlsfuzzer
+
+** libgnutls: Introduced a lock-free random generator which operates per-thread
+ and eliminates random-generator related bottlenecks in multi-threaded operation.
+ Resolves gitlab issue #141.
+ http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html
+
+** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA.
+ The goal is to reduce code needed in cache (CHACHA is also used for TLS),
+ and the number of primitives used by the library. That does not affect the
+ AES-DRBG random generator used in FIPS140-2 mode.
+
+** libgnutls: Added support for RSA-PSS key type as well as signatures in
+ certificates, and TLS key exchange. Contributed by Daiki Ueno.
+ RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys,
+ but not vice-versa. The feature includes:
+ * RSA-PSS key generation and key handling (in PKCS#8 form)
+ * RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech)
+ * Handling of RSA-PSS subjectPublicKeyInfo parameters, when present
+ in either the private key or certificate.
+ * RSA-PSS signing and verification of PKIX certificates
+ * RSA-PSS signing and verification of TLS 1.2 handshake
+ * RSA-PSS signing and verification of PKCS#7 structures
+ * RSA-PSS and RSA key combinations for TLS credentials. That is, when
+ multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS
+ TLS signatures, to contain risks of cross-protocol attacks between the algorithms.
+ * RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa)
+ Note that RSA-PSS signatures with SHA1 are (intentionally) not supported.
+
+** libgnutls: Added support for Ed25519 signing in certificates and TLS key
+ exchange following draft-ietf-tls-rfc4492bis-17. The feature includes:
+ * Ed25519 key generation and key handling (in PKCS#8 form)
+ * Ed25519 signing and verification of PKIX certificates
+ * Ed25519 signing and verification of TLS 1.2 handshake
+ * Ed25519 signing and verification of PKCS#7 structures
+
+** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17.
+
+** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919.
+ That makes the DH parameters negotiation more robust and less prone to errors
+ due to insecure parameters. Servers are no longer required to specific explicit
+ DH parameters, though if they do these parameters will be used. Group
+ selection can be done via priority strings. The introduced strings are
+ GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and
+ GROUP-FFDHE8192, as well as the corresponding to curves groups. Note that
+ the 6144 group from RFC7919 is not supported.
+
+** libgnutls: Introduced various sanity checks on certificate import. Refuse
+ to import certificates which have fractional seconds in Time fields, X.509v1
+ certificates which have the unique identifiers set, and certificates with illegal
+ version numbers. All of these are prohibited by RFC5280.
+
+** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags
+ in the crt structure. The only flag supported at the moment is
+ GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity
+ checks on import.
+
+** libgnutls: PKIX certificates with unknown critical extensions are rejected
+ on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This
+ behavior can be overridden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
+ to verification functions. Resolves gitlab issue #177.
+
+** libgnutls: Refuse to generate a certificate with an illegal version, or an
+ illegal serial number. That is, gnutls_x509_crt_set_version() and
+ gnutls_x509_crt_set_serial(), will fail on input considered to be invalid
+ in RFC5280.
+
+** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv()
+ prior to handshake being complete are now refused. Addresses gitlab issue #158.
+
+** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their
+ password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC.
+
+** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values.
+
+** libgnutls: Added new callback setting function to gnutls_privkey_t for external
+ keys. The new function (gnutls_privkey_import_ext4), allows signing in addition
+ to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519
+ keys.
+
+** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1
+ priority string options. These allows enabling all broken and SHA1-based signature
+ algorithms in certificate verification, respectively.
+
+** libgnutls: 3DES-CBC is no longer included in the default priorities
+ list. It has to be explicitly enabled, e.g., with a string like
+ "NORMAL:+3DES-CBC".
+
+** libgnutls: SHA1 was marked as insecure for signing certificates. Verification
+ of certificates signed with SHA1 is now considered insecure and will
+ fail, unless flags intended to enable broken algorithms are set. Other uses
+ of SHA1 are still allowed. This can be reverted on compile time with the configure
+ flag --enable-sha1-support.
+
+** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification
+ of certificates signed with RIPEMD160 hash algorithm is now considered insecure and
+ will fail, unless flags intended to enable broken algorithms are set.
+
+** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes.
+ These curves were rarely used for that purpose, provide no advantage over
+ x25519 and were deprecated by TLS 1.3.
+
+** libgnutls: Removed support for DEFLATE, or any other compression method.
+
+** libgnutls: OpenPGP authentication was removed; the resulting library is ABI
+ compatible, with the openpgp related functions being stubs that fail
+ on invocation.
+
+** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled
+ only with libidn2 which provides IDNA2008.
+
+** certtool: The option '--load-ca-certificate' can now accept PKCS#11
+ URLs in addition to files.
+
+** certtool: The option '--load-crl' can now be used when generating PKCS#12
+ files (i.e., in conjunction with '--to-p12' option).
+
+** certtool: Keys with provable RSA and DSA parameters are now only read and
+ exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
+ This removes support for the previous a non-standard key format.
+
+** certtool: Added support for generating, printing and handling RSA-PSS and
+ Ed25519 keys and certificates.
+
+** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now
+ deprecated, replaced by the --key-type option.
+
+** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were
+ replaced by the --generate-privkey option.
+
+** psktool: Generate 256-bit keys by default.
+
+** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and
+ --alpn-fatal options, allowing testing of ALPN negotiation.
+
+** API and ABI modifications:
+gnutls_encode_rs_value: Added
+gnutls_decode_rs_value: Added
+gnutls_base64_encode2: Added
+gnutls_base64_decode2: Added
+gnutls_x509_crt_set_flags: Added
+gnutls_x509_crt_check_ip: Added
+gnutls_x509_ext_import_inhibit_anypolicy: Added
+gnutls_x509_ext_export_inhibit_anypolicy: Added
+gnutls_x509_crt_get_inhibit_anypolicy: Added
+gnutls_x509_crt_set_inhibit_anypolicy: Added
+gnutls_pubkey_export_rsa_raw2: Added
+gnutls_pubkey_export_dsa_raw2: Added
+gnutls_pubkey_export_ecc_raw2: Added
+gnutls_privkey_export_rsa_raw2: Added
+gnutls_privkey_export_dsa_raw2: Added
+gnutls_privkey_export_ecc_raw2: Added
+gnutls_x509_spki_init: Added
+gnutls_x509_spki_deinit: Added
+gnutls_x509_spki_get_pk_algorithm: Added
+gnutls_x509_spki_set_pk_algorithm: Added
+gnutls_x509_spki_get_digest_algorithm: Added
+gnutls_x509_spki_set_digest_algorithm: Added
+gnutls_x509_spki_get_salt_size: Added
+gnutls_x509_spki_set_salt_size: Added
+gnutls_x509_crt_set_spki: Added
+gnutls_x509_crt_get_spki: Added
+gnutls_x509_privkey_get_spki: Added
+gnutls_x509_privkey_set_spki: Added
+gnutls_x509_crq_get_spki: Added
+gnutls_x509_crq_set_spki: Added
+gnutls_pubkey_set_spki: Added
+gnutls_pubkey_get_spki: Added
+gnutls_privkey_set_spki: Added
+gnutls_privkey_get_spki: Added
+gnutls_privkey_import_ext4: Added
+GNUTLS_EXPORT_FLAG_NO_LZ: Added
+GNUTLS_DT_IP_ADDRESS: Added
+GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
+GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
+GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added
+GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added
+GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added
+GNUTLS_SFLAGS_RFC7919: Added
+
+
+* Version 3.5.7 (released 2016-12-8)
+
+** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128
+ and SECURE256 priority strings.
+
+** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly
+ operate with OIDs which have elements that exceed 2^32.
+
+** libgnutls: The DN decoding functions output the traditional DN format
+ rather than the strict RFC4514 compliant textual DN. This reverts the
+ 3.5.6 introduced change, and allows applications which depended on the
+ previous format to continue to function. Introduced new functions which
+ output the strict format by default, and can revert to the old one using
+ a flag.
+
+** libgnutls: Improved TPM key handling. Check authorization requirements
+ prior to using a key and fix issue on loop for PIN input. Patches by
+ James Bottomley.
+
+** libgnutls: In all functions accepting UTF-8 passwords, ensure that
+ passwords are normalized according to RFC7613. When invalid UTF-8
+ passwords are detected, they are only tolerated for decryption.
+ This introduces a libunistring dependency on GnuTLS. A version of
+ libunistring is included in the library for the platforms that do
+ not ship it; it can be used with the '--with-included-unistring'
+ option to configure script.
+
+** libgnutls: When setting a subject alternative name in a certificate
+ which is in UTF-8 format, it will transparently be converted to IDNA form
+ prior to storing.
+
+** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print()
+ will print the SHA256 key-ID instead of a certificate fingerprint.
+
+** libgnutls: enhance the PKCS#7 verification capabilities. In the case
+ signers that are not discoverable using the trust list or input, use
+ the stored list as pool to generate a trusted chain to the signer.
+
+** libgnutls: Improved MTU calculation precision for the CBC ciphersuites
+ under DTLS.
+
+** libgnutls: [added missing news entry since 3.5.0]
+ No longer tolerate certificate key usage violations for
+ TLS signature verification, and decryption. That is GnuTLS will fail
+ to connect to servers which incorrectly use a restricted to signing certificate
+ for decryption, or vice-versa. This reverts the lax behavior introduced
+ in 3.1.0, due to several such broken servers being available. The %COMPAT
+ priority keyword can be used to work-around connecting on these servers.
+
+** certtool: When exporting a CRQ in DER format ensure no text data are
+ intermixed. Patch by Dmitry Eremin-Solenikov.
+
+** certtool: Include the SHA-256 variant of key ID in --certificate-info
+ options.
+
+** p11tool: Introduced the --initialize-pin and --initialize-so-pin
+ options.
+
+** API and ABI modifications:
+gnutls_utf8_password_normalize: Added
+gnutls_ocsp_resp_get_responder2: Added
+gnutls_x509_crt_get_issuer_dn3: Added
+gnutls_x509_crt_get_dn3: Added
+gnutls_x509_rdn_get2: Added
+gnutls_x509_dn_get_str2: Added
+gnutls_x509_crl_get_issuer_dn3: Added
+gnutls_x509_crq_get_dn3: Added
+
+
+* Version 3.5.6 (released 2016-11-04)
+
+** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
+ (pre-rfc5652) structures with arbitrary encapsulated content.
+
+** libgnutls: Introduced a function group to set known DH parameters
+ using groups from RFC7919.
+
+** libgnutls: Added more strict RFC4514 textual DN encoding and decoding.
+ Now the generated textual DN is in reverse order according to RFC4514,
+ and functions which generate a DN from strings such gnutls_x509_crt_set_*dn()
+ set the expected DN (reverse of the provided string).
+
+** libgnutls: Introduced time and constraints checks in the end certificate
+ in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
+ functions.
+
+** libgnutls: Set limits on the maximum number of alerts handled. That is,
+ applications using gnutls could be tricked into an busy loop if the
+ peer sends continuously alert messages. Applications which set a maximum
+ handshake time (via gnutls_handshake_set_timeout) will eventually recover
+ but others may remain in a busy loops indefinitely. This is related but
+ not identical to CVE-2016-8610, due to the difference in alert handling
+ of the libraries (gnutls delegates that handling to applications).
+
+** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
+ functions return an index (introduced in 3.5.5), to avoid affecting programs
+ which explicitly check success of the function as equality to zero. In order
+ for these functions to return an index an explicit call to gnutls_certificate_set_flags
+ with the GNUTLS_CERTIFICATE_API_V2 flag is now required.
+
+** libgnutls: Reverted the behavior of sending a status request extension even
+ without a response (introduced in 3.5.5). That is, we no longer reply to a
+ client's hello with a status request, with a status request extension. Although
+ that behavior is legal, it creates incompatibility issues with releases in
+ the gnutls 3.3.x branch.
+
+** libgnutls: Delayed the initialization of the random generator at
+ the first call of gnutls_rnd(). This allows applications to load
+ on systems which getrandom() would block, without blocking until
+ real random data are needed.
+
+** certtool: --get-dh-params will output parameters from the RFC7919
+ groups.
+
+** p11tool: improvements in --initialize option.
+
+** API and ABI modifications:
+GNUTLS_CERTIFICATE_API_V2: Added
+GNUTLS_NO_TICKETS: Added
+gnutls_pkcs7_get_embedded_data_oid: Added
+gnutls_anon_set_server_known_dh_params: Added
+gnutls_certificate_set_known_dh_params: Added
+gnutls_psk_set_server_known_dh_params: Added
+gnutls_x509_crt_check_key_purpose: Added
+
+
+* Version 3.5.5 (released 2016-10-09)
+
+** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file()
+ to allow importing multiple OCSP request files, one for each chain
+ provided.
+
+** libgnutls: The gnutls_certificate_set_key* functions return an
+ index of the added chain. That index can be used either with
+ gnutls_certificate_set_ocsp_status_request_file(), or with
+ gnutls_certificate_get_crt_raw() and friends.
+
+** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations
+ for the aarch64 architecture. Uses Andy Polyakov's assembly code.
+
+** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key()
+ failures due to key mismatch. This prevents leaks or double freeing
+ on such failures.
+
+** libgnutls: Increased the maximum size of the handshake message hash.
+ This will allow the library to cope better with larger packets, as
+ the ones offered by current TLS 1.3 drafts.
+
+** libgnutls: Allow to use client certificates despite them containing
+ disallowed algorithms for a session. That allows for example a client
+ to use DSA-SHA1 due to his old DSA certificate, without requiring him
+ to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
+
+** libgnutls: Reverted AESNI code on x86 to earlier version as the
+ latest version was creating position depending code. Added checks
+ in the CI to detect position depending code early.
+
+** guile: Update code to the I/O port API of Guile >= 2.1.4
+ This makes sure the GnuTLS bindings will work with the forthcoming 2.2
+ stable series of Guile, of which 2.1 is a preview.
+
+** API and ABI modifications:
+gnutls_certificate_set_ocsp_status_request_function2: Added
+gnutls_session_ext_register: Added
+gnutls_session_supplemental_register: Added
+GNUTLS_E_PK_INVALID_PUBKEY: Added
+GNUTLS_E_PK_INVALID_PRIVKEY: Added
+
+
+* Version 3.5.4 (released 2016-09-08)
+
+** libgnutls: Corrected the comparison of the serial size in OCSP response.
+ Previously the OCSP certificate check wouldn't verify the serial length
+ and could succeed in cases it shouldn't (GNUTLS-SA-2016-3).
+ Reported by Stefan Buehler.
+
+** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop.
+
+** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This
+ is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0.
+
+** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256
+ as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0.
+
+** libgnutls: Added support for internationalized passwords in PKCS#12 files.
+ Previous versions would only encrypt or decrypt using passwords from the ASCII
+ set.
+
+** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA
+ keys. The signature is now written as unsigned integers into the DSASignatureValue
+ structure. Previously signed integers could be written depending on what
+ the underlying module would produce. Addresses #122.
+
+** gnutls-cli: Fixed starttls regression from 3.5.3.
+
+** API and ABI modifications:
+GNUTLS_E_MALFORMED_CIDR: Added
+gnutls_x509_cidr_to_rfc5280: Added
+gnutls_oid_to_mac: Added
+
+
+* Version 3.5.3 (released 2016-08-09)
+
+** libgnutls: Added support for TCP fast open (RFC7413), allowing
+ to reduce by one round-trip the handshake process. Based on proposal and
+ patch by Tim Ruehsen.
+
+** libgnutls: Adopted a simpler with less memory requirements DTLS sliding
+ window implementation. Based on Fridolin Pokorny's implementation for
+ AF_KTLS.
+
+** libgnutls: Use getrandom where available via the syscall interface.
+ This works around an issue of not-using getrandom even if it exists
+ since glibc doesn't declare such function.
+
+** libgnutls: Fixed DNS name constraints checking in the case of empty
+ intersection of domain names in the chain. Report and fix by Martin Ukrop.
+
+** libgnutls: Fixed name constraints checking in the case of chains
+ where the higher level certificates contained different types of
+ constraints than the ones present in the lower intermediate CAs.
+ Report and fix by Martin Ukrop.
+
+** libgnutls: Dropped support for the EGD random generator.
+
+** libgnutls: Allow the decoding of raw elements (starting with #)
+ in RFC4514 DN string decoding.
+
+** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
+ ignoring flags if all certificates in the list fit within the
+ initially allocated memory. Patch by Tim Kosse.
+
+** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt()
+ to return invalid pointers when returned more than a single certificate.
+ Report and fix by Stefan Sørensen.
+
+** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain,
+ even when the extra_certs was non-null. Report and fix by Stefan Sørensen.
+
+** certtool: Added the "add_extension" and "add_critical_extension"
+ template options. This allows specifying arbitrary extensions into
+ certificates and certificate requests.
+
+** gnutls-cli: Added the --fastopen option.
+
+** API and ABI modifications:
+GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added
+gnutls_x509_crq_set_extension_by_oid: Added
+gnutls_x509_dn_set_str: Added
+gnutls_transport_set_fastopen: Added
+
+
+* Version 3.5.2 (released 2016-07-06)
+
+** libgnutls: Address issue when utilizing the p11-kit trust store
+ for certificate verification (GNUTLS-SA-2016-2).
+
+** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
+ Guillaume Roguez.
+
+** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
+ from SafeNet Network HSM. Reported by Anthony Alba in #108.
+
+** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report
+ and fix by Stanislav Židek.
+
+** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE
+ instructions. Uses Andy Polyakov's assembly code.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.5.1 (released 2016-06-14)
+
+** libgnutls: The SSL 3.0 protocol support can completely be removed
+ using a compile time option. The configure option is --disable-ssl3-support.
+
+** libgnutls: The SSL 2.0 client hello support can completely be removed
+ using a compile time option. The configure option is --disable-ssl2-support.
+
+** libgnutls: Added support for OCSP Must staple PKIX extension. That is,
+ implemented the RFC7633 TLSFeature for OCSP status request extension.
+ Feature implemented by Tim Kosse.
+
+** libgnutls: More strict OCSP staple verification. That is, no longer
+ ignore invalid or too old OCSP staples. The previous behavior was
+ to rely on application use gnutls_ocsp_status_request_is_checked(),
+ while the new behavior is to include OCSP verification by default
+ and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error.
+
+** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
+ purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
+ improves interoperability with several old intermediate CA certificates
+ carrying these legacy OIDs.
+
+** libgnutls: Re-read the system wide priority file when needed. Patch by
+ Daniel P. Berrange.
+
+** libgnutls: Allow for fallback in system-specific initial keywords
+ (prefixed with '@'). That allows to specify a keyword such as
+ "@KEYWORD1,KEYWORD2" which will use the first available of these
+ two keywords. Patch by Daniel P. Berrange.
+
+** libgnutls: The SSLKEYLOGFILE environment variable can be used to log
+ session keys. These session keys are compatible with the NSS Key Log
+ Format and can be used to decrypt the session for debugging using
+ wireshark.
+
+** API and ABI modifications:
+GNUTLS_CERT_INVALID_OCSP_STATUS: Added
+gnutls_x509_crt_set_crq_extension_by_oid: Added
+gnutls_x509_ext_import_tlsfeatures: Added
+gnutls_x509_ext_export_tlsfeatures: Added
+gnutls_x509_tlsfeatures_add: Added
+gnutls_x509_tlsfeatures_init: Added
+gnutls_x509_tlsfeatures_deinit: Added
+gnutls_x509_tlsfeatures_get: Added
+gnutls_x509_crt_get_tlsfeatures: Added
+gnutls_x509_crt_set_tlsfeatures: Added
+gnutls_x509_crq_get_tlsfeatures: Added
+gnutls_x509_crq_set_tlsfeatures: Added
+gnutls_ext_get_name: Added
+
+
+* Version 3.5.0 (released 2016-05-09)
+
+** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA,
+ based on https://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+
+** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07).
+ This curve is disabled by default as it is still on specification status. It
+ can be enabled using the priority string modifier +CURVE-X25519.
+
+** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01)
+ by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73).
+
+** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable
+ RSA and DSA parameter generation from a seed.
+
+** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
+ cipher is prioritized after AES-GCM.
+
+** libgnutls: On a rehandshake ensure that the certificate of the peer or
+ its username remains the same as in previous handshakes. That is to protect
+ applications which do not check user credentials on rehandshakes. The
+ threat to address depends on the application protocol. Primarily it
+ protects against applications which authenticate the peer initially and
+ perform accounting using the session's information, from being misled
+ by a rehandshake which switches the peer's identity. Applications can
+ disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in
+ gnutls_init().
+
+** libgnutls: No longer tolerate certificate key usage violations for
+ TLS signature verification, and decryption. That is GnuTLS will fail
+ to connect to servers which incorrectly use a restricted to signing certificate
+ for decryption, or vice-versa. This reverts the lax behavior introduced
+ in 3.1.0, due to several such broken servers being available. The %COMPAT
+ priority keyword can be used to work-around connecting on these servers.
+
+** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate
+ parsing errors in the extensions field and treat it as a typical Hello
+ message structure. Reported by Hubert Kario (#40).
+
+** libgnutls: Old and unsupported version numbers in client hellos are
+ rejected with a "protocol_version" alert message. Reported by Hubert
+ Kario (#42).
+
+** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*()
+ functions, only on non-resumed sessions. This brings the API in par with
+ its usage (#79).
+
+** libgnutls: Follow RFC5280 strictly in name constraints computation. The
+ permitted subtrees is intersected with any previous values. Report and
+ patch by Daiki Ueno.
+
+** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on
+ session resumption. Reported by Hubert Kario (#69).
+
+** libgnutls: Consider the max-record TLS extension even when under DTLS.
+ Reported by Peter Dettman (#61).
+
+** libgnutls: Replaced writev() system call with sendmsg().
+
+** libgnutls: Replaced select() system call with poll() on POSIX systems.
+
+** libgnutls: Preload the system priority file on library load. This allows
+ applications that chroot() to also use the system priorities.
+
+** libgnutls: Applications are allowed to override the built-in key and
+ certificate URLs.
+
+** libgnutls: The gnutls.h header marks constant and pure functions explictly.
+
+** certtool: Added the ability to sign certificates using SHA3.
+
+** certtool: Added the --provable and --verify-allow-broken options.
+
+** gnutls-cli: The --dane option will cause verification failure if gnutls is not
+ compiled with DANE support.
+
+** crywrap: The tool was unbundled from gnutls' distribution. It can be found at
+ https://github.com/nmav/crywrap
+
+** guile: .go files are now built and installed
+
+** guile: Fix compatibility issue of the test suite with Guile 2.1
+
+** guile: When --with-guile-site-dir is passed, modules are installed in a
+ versioned directory, typically $(datadir)/guile/site/2.0
+
+** guile: Tests no longer leave zombie processes behind
+
+** API and ABI modifications:
+GNUTLS_FORCE_CLIENT_CERT: Added
+GNUTLS_ENABLE_FALSE_START: Added
+GNUTLS_INDEFINITE_TIMEOUT: Added
+GNUTLS_ALPN_SERVER_PRECEDENCE: Added
+GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added
+GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added
+gnutls_check_version_numeric: Added
+gnutls_x509_crt_equals: Added
+gnutls_x509_crt_equals2: Added
+gnutls_x509_crt_set_subject_alt_othername: Added
+gnutls_x509_crt_set_issuer_alt_othername: Added
+gnutls_x509_crt_get_signature_oid: Added
+gnutls_x509_crt_get_pk_oid: Added
+gnutls_x509_crq_set_subject_alt_othername: Added
+gnutls_x509_crq_get_pk_oid: Added
+gnutls_x509_crq_get_signature_oid: Added
+gnutls_x509_crl_get_signature_oid: Added
+gnutls_x509_privkey_generate2: Added
+gnutls_x509_privkey_get_seed: Added
+gnutls_x509_privkey_verify_seed: Added
+gnutls_privkey_generate2: Added
+gnutls_privkey_get_seed: Added
+gnutls_privkey_verify_seed: Added
+gnutls_decode_ber_digest_info: Added
+gnutls_encode_ber_digest_info: Added
+gnutls_dh_params_import_dsa: Added
+gnutls_session_get_master_secret: Added
+
+
+* Version 3.4.3 (released 2015-07-12)
+
+** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
+ dates prior to 2050.
+
+** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
+ was done only when cryptodev was enabled).
+
+** libgnutls: Removed support for pthread_atfork() as it has undefined
+ semantics when used with dlopen(), and may lead to a crash.
+
+** libgnutls: corrected failure when importing plain files
+ with gnutls_x509_privkey_import2(), and a password was provided.
+
+** libgnutls: Don't reject certificates if a CA has the URI or IP address
+ name constraints, and the end certificate doesn't have an IP address
+ name or a URI set.
+
+** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
+
+** p11tool: Added --list-token-urls option, and print the token module name
+ in list-tokens.
+
+** API and ABI modifications:
+gnutls_ecc_curve_get_oid: Added
+gnutls_digest_get_oid: Added
+gnutls_pk_get_oid: Added
+gnutls_sign_get_oid: Added
+gnutls_ecc_curve_get_id: Added
+gnutls_oid_to_digest: Added
+gnutls_oid_to_pk: Added
+gnutls_oid_to_sign: Added
+gnutls_oid_to_ecc_curve: Added
+gnutls_pkcs7_get_signature_count: Added
+
+
+* Version 3.4.2 (released 2015-06-16)
+
+** libgnutls: DTLS blocking API is more robust against infinite blocking,
+and will notify of more possible timeouts.
+
+** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
+by Manuel Pegourie-Gonnard.
+
+** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
+allows to disable SIGPIPE for writes done within gnutls.
+
+** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
+of structures. API moved to gnutls/pkcs7.h header.
+
+** certtool: Added options to generate PKCS #7 bundles and signed
+structures.
+
+** API and ABI modifications:
+gnutls_x509_dn_get_str: Added
+gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added
+gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added
+gnutls_x509_crt_verify_data2: Added
+gnutls_pkcs7_get_crt_raw2: Added
+gnutls_pkcs7_signature_info_deinit: Added
+gnutls_pkcs7_get_signature_info: Added
+gnutls_pkcs7_verify_direct: Added
+gnutls_pkcs7_verify: Added
+gnutls_pkcs7_get_crl_raw2: Added
+gnutls_pkcs7_sign: Added
+gnutls_pkcs7_attrs_deinit: Added
+gnutls_pkcs7_add_attr: Added
+gnutls_pkcs7_get_attr: Added
+gnutls_pkcs7_print: Added
+
+
+* Version 3.4.1 (released 2015-05-03)
+
+** libgnutls: gnutls_certificate_get_ours: will return the certificate even
+if a callback was used to send it.
+
+** libgnutls: Check for invalid length in the X.509 version field. Without
+the check certificates with invalid length would be detected as having an
+arbitrary version. Reported by Hanno Böck.
+
+** libgnutls: Handle DNS name constraints with a leading dot. Patch by
+Fotis Loukos.
+
+** libgnutls: Updated system-keys support for windows to compile in more
+versions of mingw. Patch by Tim Kosse.
+
+** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
+Karthikeyan Bhargavan [GNUTLS-SA-2015-2].
+
+** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
+by default. That caused issues with non-blocking programs.
+
+** certtool: It can generate SHA256 key IDs.
+
+** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
+
+** configure: re-enabled the --enable-local-libopts flag
+
+** API and ABI modifications:
+gnutls_x509_crt_get_pk_ecc_raw: Added
+
+
+* Version 3.4.0 (released 2015-04-08)
+
+** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
+ciphersuites. The former are enabled by default, the latter need to be
+explicitly enabled, since they reduce the overall security level.
+
+** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
+draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
+That is currently provided as technology preview and is not enabled by
+default, since there are no assigned ciphersuite points by IETF and there
+is no guarrantee of compatibility between draft versions. The ciphersuite
+priority string to enable it is "+CHACHA20-POLY1305".
+
+** libgnutls: Added support for encrypt-then-authenticate in CBC
+ciphersuites (RFC7366 -taking into account its errata text). This is
+enabled by default and can be disabled using the %NO_ETM priority
+string.
+
+** libgnutls: Added support for the extended master secret
+(triple-handshake fix) following draft-ietf-tls-session-hash-02.
+
+** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
+
+** libgnutls: SSL 3.0 is no longer included in the default priorities
+list. It has to be explicitly enabled, e.g., with a string like
+"NORMAL:+VERS-SSL3.0".
+
+** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
+list. It has to be explicitly enabled, e.g., with a string like
+"NORMAL:+ARCFOUR-128".
+
+** libgnutls: DSA signatures and DHE-DSS are no longer included in the
+default priorities list. They have to be explicitly enabled, e.g., with
+a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
+DSA ciphersuites were dropped because they had no deployment at all
+on the internet, to justify their inclusion.
+
+** libgnutls: The priority string EXPORT was completely removed. The string
+was already defunc as support for the EXPORT ciphersuites was removed in
+GnuTLS 3.2.0.
+
+** libgnutls: Added API to utilize system specific private keys in
+"gnutls/system-keys.h". It is currently provided as technology preview
+and is restricted to windows CNG keys.
+
+** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
+RFC6125 comparison of hostnames. That introduces a dependency on libidn.
+
+** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
+PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).
+
+** libgnutls: Depend on nettle 3.1.
+
+** libgnutls: Use getrandom() or getentropy() when available. That
+avoids the complexity of file descriptor handling and issues with
+applications closing all open file descriptors on startup.
+
+** libgnutls: Use pthread_atfork() to detect fork when available.
+
+** libgnutls: If a key purpose (extended key usage) is specified for verification,
+it is applied into intermediate certificates. The verification result
+GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
+
+** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
+combination with PKCS #11, or TPM URLs, it will utilize the provided
+password as PIN if required. That removes the requirement for the
+application to set a callback for PINs in that case.
+
+** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
+restricted to the corresponding protocols only, and the VERS-ALL
+string is introduced to catch all possible protocols.
+
+** libgnutls: Added helper functions to obtain information on PKCS #8
+structures.
+
+** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
+will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
+
+** libgnutls: Added functions to export and set the record state. That
+allows for gnutls_record_send() and recv() to be offloaded (to kernel,
+hardware or any other subsystem).
+
+** libgnutls: Added the ability to register application specific URL
+types, which express certificates and keys using gnutls_register_custom_url().
+
+** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
+to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
+gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
+gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().
+
+** libgnutls: Added gnutls_ext_register() to register custom extensions.
+Contributed by Thierry Quemerais.
+
+** libgnutls: Added gnutls_supplemental_register() to register custom
+supplemental data handshake messages. Contributed by Thierry Quemerais.
+
+** libgnutls-openssl: it is no longer built by default.
+
+
+** certtool: Added --p8-info option, which will print PKCS #8 information
+even if the password is not available.
+
+** certtool: --key-info option will print PKCS #8 encryption information
+when available.
+
+** certtool: Added the --key-id and --fingerprint options.
+
+** certtool: Added the --verify-hostname, --verify-email and --verify-purpose
+options to be used in certificate chain verification, to simulate verification
+for specific hostname and key purpose (extended key usage).
+
+** certtool: --p12-info option will print PKCS #12 MAC and cipher information
+when available.
+
+** certtool: it will print the A-label (ACE) names in addition to UTF-8.
+
+** p11tool: added options --set-id and --set-label.
+
+** gnutls-cli: added options --priority-list and --save-cert.
+
+** guile: Deprecated priority API has been removed. The old priority API,
+which had been deprecated for some time, is now gone; use 'set-session-priorities!'
+instead.
+
+** guile: Remove RSA parameters and related procedures. This API had been
+deprecated.
+
+** guile: Fix compilation on MinGW. Previously only the static version of the
+'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
+
+** API and ABI modifications:
+gnutls_record_get_state: Added
+gnutls_record_set_state: Added
+gnutls_aead_cipher_init: Added
+gnutls_aead_cipher_decrypt: Added
+gnutls_aead_cipher_encrypt: Added
+gnutls_aead_cipher_deinit: Added
+gnutls_pkcs12_generate_mac2: Added
+gnutls_pkcs12_mac_info: Added
+gnutls_pkcs12_bag_enc_info: Added
+gnutls_pkcs8_info: Added
+gnutls_pkcs_schema_get_name: Added
+gnutls_pkcs_schema_get_oid: Added
+gnutls_pcert_export_x509: Added
+gnutls_pcert_export_openpgp: Added
+gnutls_pcert_import_x509_list: Added
+gnutls_pkcs11_privkey_cpy: Added
+gnutls_x509_crq_get_signature_algorithm: Added
+gnutls_x509_trust_list_iter_get_ca: Added
+gnutls_x509_trust_list_iter_deinit: Added
+gnutls_x509_trust_list_get_issuer_by_dn: Added
+gnutls_pkcs11_get_raw_issuer_by_dn: Added
+gnutls_certificate_get_trust_list: Added
+gnutls_privkey_export_x509: Added
+gnutls_privkey_export_pkcs11: Added
+gnutls_privkey_export_openpgp: Added
+gnutls_privkey_import_ext3: Added
+gnutls_certificate_get_x509_key: Added
+gnutls_certificate_get_x509_crt: Added
+gnutls_certificate_get_openpgp_key: Added
+gnutls_certificate_get_openpgp_crt: Added
+gnutls_record_discard_queued: Added
+gnutls_session_ext_master_secret_status: Added
+gnutls_priority_string_list: Added
+gnutls_dh_params_import_raw2: Added
+gnutls_memset: Added
+gnutls_memcmp: Added
+gnutls_pkcs12_bag_set_privkey: Added
+gnutls_ocsp_resp_get_responder_raw_id: Added
+gnutls_system_key_iter_deinit: Added
+gnutls_system_key_iter_get_info: Added
+gnutls_system_key_delete: Added
+gnutls_system_key_add_x509: Added
+gnutls_system_recv_timeout: Added
+gnutls_register_custom_url: Added
+gnutls_pkcs11_obj_list_import_url3: Added
+gnutls_pkcs11_obj_list_import_url4: Added
+gnutls_pkcs11_obj_set_info: Added
+gnutls_crypto_register_cipher: Added
+gnutls_crypto_register_aead_cipher: Added
+gnutls_crypto_register_mac: Added
+gnutls_crypto_register_digest: Added
+gnutls_ext_register: Added
+gnutls_supplemental_register: Added
+gnutls_supplemental_recv: Added
+gnutls_supplemental_send: Added
+gnutls_openpgp_crt_check_email: Added
+gnutls_x509_crt_check_email: Added
+gnutls_handshake_set_hook_function: Modified
+gnutls_pkcs11_privkey_generate3: Added
+gnutls_pkcs11_copy_x509_crt2: Added
+gnutls_pkcs11_copy_x509_privkey2: Added
+gnutls_pkcs11_obj_list_import_url: Removed
+gnutls_pkcs11_obj_list_import_url2: Removed
+gnutls_certificate_client_set_retrieve_function: Removed
+gnutls_certificate_server_set_retrieve_function: Removed
+gnutls_certificate_set_rsa_export_params: Removed
+gnutls_certificate_type_set_priority: Removed
+gnutls_cipher_set_priority: Removed
+gnutls_compression_set_priority: Removed
+gnutls_kx_set_priority: Removed
+gnutls_mac_set_priority: Removed
+gnutls_protocol_set_priority: Removed
+gnutls_rsa_export_get_modulus_bits: Removed
+gnutls_rsa_export_get_pubkey: Removed
+gnutls_rsa_params_cpy: Removed
+gnutls_rsa_params_deinit: Removed
+gnutls_rsa_params_export_pkcs1: Removed
+gnutls_rsa_params_export_raw: Removed
+gnutls_rsa_params_generate2: Removed
+gnutls_rsa_params_import_pkcs1: Removed
+gnutls_rsa_params_import_raw: Removed
+gnutls_rsa_params_init: Removed
+gnutls_sign_callback_get: Removed
+gnutls_sign_callback_set: Removed
+gnutls_x509_crt_verify_data: Removed
+gnutls_x509_crt_verify_hash: Removed
+gnutls_pubkey_get_verify_algorithm: Removed
+gnutls_x509_crt_get_verify_algorithm: Removed
+gnutls_pubkey_verify_hash: Removed
+gnutls_pubkey_verify_data: Removed
+gnutls_record_set_max_empty_records: Removed
+
+guile:
+set-session-cipher-priority!: Removed
+set-session-mac-priority!: Removed
+set-session-compression-method-priority!: Removed
+set-session-kx-priority!: Removed
+set-session-protocol-priority!: Removed
+set-session-certificate-type-priority!: Removed
+set-session-default-priority!: Removed
+set-session-default-export-priority!: Removed
+make-rsa-parameters: Removed
+rsa-parameters?: Removed
+set-certificate-credentials-rsa-export-parameters!: Removed
+pkcs1-import-rsa-parameters: Removed
+pkcs1-export-rsa-parameters: Removed
+
+
+
+* Version 3.3.6 (released 2014-07-23)
+
+** libgnutls: Use inet_ntop to print IP addresses when available
+
+** libgnutls: gnutls_x509_crt_check_hostname and friends will also check
+IP addresses, and match documented behavior. Reported by David Woodhouse.
+
+** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024
+bit parameters.
+
+** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens
+being usable after a reinitialization.
+
+** libgnutls: fixed PKCS #11 private key operations after a fork.
+
+** libgnutls: fixed PKCS #11 ECDSA key generation.
+
+** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
+explicitly enable/disable the use of certain CPU capabilities. Note that CPU
+detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel
+CPU. The currently available options are:
+ 0x1: Disable all run-time detected optimizations
+ 0x2: Enable AES-NI
+ 0x4: Enable SSSE3
+ 0x8: Enable PCLMUL
+ 0x100000: Enable VIA padlock
+ 0x200000: Enable VIA PHE
+ 0x400000: Enable VIA PHE SHA512
+
+** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott.
+
+** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set.
+
+** p11tool: ask for label when one isn't provided.
+
+** p11tool: added --batch parameter to disable any interactivity.
+
+** p11tool: will not implicitly enable so-login for certain types of
+objects. That avoids issues with tokens that require different login
+types.
+
+** certtool/p11tool: Added the --curve parameter which allows to explicitly
+specify the curve to use.
+
+** API and ABI modifications:
+gnutls_certificate_set_x509_trust_dir: Added
+gnutls_x509_trust_list_add_trust_dir: Added
+
+
+* Version 3.3.5 (released 2014-06-26)
+
+** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit().
+These functions provide a variant of gnutls_record_recv() that avoids
+the final memcpy of data.
+
+** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a
+faster variant of gnutls_x509_crl_get_crt_serial() when coping with
+very large structures.
+
+** libgnutls: When the decoding of a printable DN element fails, then treat
+it as unknown and print its hex value rather than failing. That works around
+an issue in a TURKTRST root certificate which improperly encodes the
+X520countryName element.
+
+** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number
+of certificates present in a PKCS #11 token when loading it.
+
+** libgnutls: Allow the post client hello callback to put the handshake on
+hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
+
+** certtool: option --to-p12 will now consider --load-ca-certificate
+
+** certtol: Added option to specify the PKCS #12 friendly name on command
+line.
+
+** p11tool: Allow marking a certificate copied to a token as a CA.
+
+** API and ABI modifications:
+GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added
+gnutls_x509_crl_iter_deinit: Added
+gnutls_x509_crl_iter_crt_serial: Added
+gnutls_record_recv_packet: Added
+gnutls_packet_deinit: Added
+gnutls_packet_get: Added
+
+
+* Version 3.3.4 (released 2014-05-31)
+
+** libgnutls: Updated Andy Polyakov's assembly code. That prevents a
+crash on certain CPUs.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.3.3 (released 2014-05-30)
+
+** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
+Issue reported by Joonas Kuorilehto of Codenomicon.
+
+** libgnutls: gnutls_global_set_mutex() was modified to operate with the
+new initialization process.
+
+** libgnutls: Increased the maximum certificate size buffer
+in the PKCS #11 subsystem.
+
+** libgnutls: Check the return code of getpwuid_r() instead of relying
+on the result value. That avoids issue in certain systems, when using
+tofu authentication and the home path cannot be determined. Issue reported
+by Viktor Dukhovni.
+
+** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to
+create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552
+
+** gnutls-cli: --dane will only check the end certificate if PKIX validation
+has been disabled.
+
+** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot
+be emulated with the implicit initialization of gnutls.
+
+** certtool: Allow multiple organizations and organizational unit names to
+be specified in a template.
+
+** certtool: Warn when invalid configuration options are set to a template.
+
+** ocsptool: Include path in ocsp request. This resolves #108582
+(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
+
+** API and ABI modifications:
+gnutls_credentials_get: Added
+
+
+* Version 3.3.2 (released 2014-05-06)
+
+** libgnutls: Added the 'very weak' certificate verification profile
+that corresponds to 64-bit security level.
+
+** libgnutls: Corrected file descriptor leak on random generator
+initialization.
+
+** libgnutls: Corrected file descriptor leak on PSK password file
+reading. Issue identified using the Codenomicon TLS test suite.
+
+** libgnutls: Avoid deinitialization if initialization has failed.
+
+** libgnutls: null-terminate othername alternative names.
+
+** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly
+on a PKCS #11 trust list.
+
+** libgnutls: Several small bug fixes identified using valgrind and
+the Codenomicon TLS test suite.
+
+** libgnutls-dane: Accept a certificate using DANE if there is at least one
+entry that matches the certificate. Patch by simon [at] arlott.org.
+
+** libgnutls-guile: Fixed compilation issue.
+
+** certtool: Allow exporting a CRL on DER format.
+
+** certtool: The ECDSA keys generated by default use the SECP256R1 curve
+which is supported more widely than the previously used SECP224R1.
+
+** API and ABI modifications:
+GNUTLS_PROFILE_VERY_WEAK: Added
+
+
+* Version 3.3.1 (released 2014-04-19)
+
+** libgnutls: Enforce more strict checks to heartbeat messages
+concerning padding and payload. Suggested by Peter Dettman.
+
+** libgnutls: Allow decoding PKCS #8 files with ECC parameters
+from openssl.
+
+** libgnutls: Several small bug fixes found by coverity.
+
+** libgnutls: The conditionally available self-test functions
+were moved to self-test.h.
+
+** libgnutls: Fixed issue with the check of incoming data when two
+different recv and send pointers have been specified. Reported and
+investigated by JMRecio.
+
+** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
+result to illegal memory access if a server hint was provided. Reported
+by André Klitzing.
+
+** libgnutls: Fixed client memory leak in the PSK key exchange, if a
+server hint was provided.
+
+** libgnutls: Corrected the *get_*_othername_oid() functions.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.3.0 (released 2014-04-10)
+
+** libgnutls: The initialization of the library was moved to a
+constructor. That is, gnutls_global_init() is no longer required
+unless linking with a static library or a system that does not
+support library constructors.
+
+** libgnutls: static libraries are not built by default.
+
+** libgnutls: PKCS #11 initialization is delayed to first usage.
+That avoids long delays in gnutls initialization due to broken PKCS #11
+modules.
+
+** libgnutls: The PKCS #11 subsystem is re-initialized "automatically"
+on the first PKCS #11 API call after a fork.
+
+** libgnutls: certificate verification profiles were introduced
+that can be specified as flags to verification functions. They
+are enumerations in gnutls_certificate_verification_profiles_t
+and can be converted to flags for use in a verification function
+using GNUTLS_PROFILE_TO_VFLAGS().
+
+** libgnutls: Added the ability to read system-specific initial
+keywords, if they are prefixed with '@'. That allows a compile-time
+specified configuration file to be used to read pre-configured priority
+strings from. That can be used to impose system specific policies.
+
+** libgnutls: Increased the default security level of priority
+strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
+and set a verification profile by default. The LEGACY keyword is
+introduced to set the old defaults.
+
+** libgnutls: Added support for the name constraints PKIX extension.
+Currently only DNS names and e-mails are supported (no URIs, IPs
+or DNs).
+
+** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
+SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL.
+
+** libgnutls: Added new API in x509-ext.h to handle X.509 extensions.
+This API handles the X.509 extensions in isolation, allowing to parse
+similarly formatted extensions stored in other structures.
+
+** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS
+can be used to specify a particular subgroup as the number of bits in
+gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256).
+
+** libgnutls: DH parameter generation is now delegated to nettle.
+That unfortunately has the side-effect that DH parameters longer than
+3072 bits, cannot be generated (not without a nettle update).
+
+** libgnutls: Separated nonce RNG from the main RNG. The nonce
+random number generator is based on salsa20/12.
+
+** libgnutls: The buffer alignment provided to crypto backend is
+enforced to be 16-byte aligned, when compiled with cryptodev
+support. That allows certain cryptodev drivers to operate more
+efficiently.
+
+** libgnutls: Return error when a public/private key pair that doesn't
+match is set into a credentials structure.
+
+** libgnutls: Depend on p11-kit 0.20.0 or later.
+
+** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has
+been removed. It was not approved by IETF.
+
+** libgnutls: The experimental xssl library is removed from the gnutls
+distribution.
+
+** libgnutls: Reduced the number of gnulib modules used in the main library.
+
+** libgnutls: Added priority string %DISABLE_WILDCARDS.
+
+** libgnutls: Added the more extensible verification function
+gnutls_certificate_verify_peers(), that allows checking, in addition
+to a peer's DNS hostname, for the key purpose of the end certificate
+(via PKIX extended key usage).
+
+** certtool: Timestamps for serial numbers were increased to 8 bytes,
+and in batch mode to 12 (appended with 4 random bytes).
+
+** certtool: When no CRL number is provided (or value set to -1), then
+a time-based number will be used, similarly to the serial generation
+number in certificates.
+
+** certtool: Print the SHA256 fingerprint of a certificate in addition
+to SHA1.
+
+** libgnutls: Added --enable-fips140-mode configuration option (unsupported).
+That option enables (when running on FIPS140-enabled system):
+ o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes)
+ o The DRBG-CTR-AES256 deterministic random generator from SP800-90A.
+ o Self-tests on initialization on ciphers/MACs, public key algorithms
+ and the random generator.
+ o HMAC-SHA256 verification of the library on load.
+ o MD5 is included for TLS purposes but cannot be used by the high level
+ hashing functions.
+ o All ciphers except AES are disabled.
+ o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5).
+ o All keys (temporal and long term) are zeroized after use.
+ o Security levels are adjusted to the FIPS140-2 recommendations (rather
+ than ECRYPT).
+
+** API and ABI modifications:
+GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added
+gnutls_certificate_verify_peers: Added
+gnutls_privkey_generate: Added
+gnutls_pkcs11_crt_is_known: Added
+gnutls_fips140_mode_enabled: Added
+gnutls_sec_param_to_symmetric_bits: Added
+gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962)
+gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw)
+gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw)
+gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw)
+gnutls_pubkey_verify_params: Added
+gnutls_privkey_export_ecc_raw: Added
+gnutls_privkey_export_dsa_raw: Added
+gnutls_privkey_export_rsa_raw: Added
+gnutls_privkey_import_ecc_raw: Added
+gnutls_privkey_import_dsa_raw: Added
+gnutls_privkey_import_rsa_raw: Added
+gnutls_privkey_verify_params: Added
+gnutls_x509_crt_check_hostname2: Added
+gnutls_openpgp_crt_check_hostname2: Added
+gnutls_x509_name_constraints_init: Added
+gnutls_x509_name_constraints_deinit: Added
+gnutls_x509_crt_get_name_constraints: Added
+gnutls_x509_name_constraints_add_permitted: Added
+gnutls_x509_name_constraints_add_excluded: Added
+gnutls_x509_crt_set_name_constraints: Added
+gnutls_x509_name_constraints_get_permitted: Added
+gnutls_x509_name_constraints_get_excluded: Added
+gnutls_x509_name_constraints_check: Added
+gnutls_x509_name_constraints_check_crt: Added
+gnutls_x509_crl_get_extension_data2: Added
+gnutls_x509_crt_get_extension_data2: Added
+gnutls_x509_crq_get_extension_data2: Added
+gnutls_subject_alt_names_init: Added
+gnutls_subject_alt_names_deinit: Added
+gnutls_subject_alt_names_get: Added
+gnutls_subject_alt_names_set: Added
+gnutls_x509_ext_import_subject_alt_names: Added
+gnutls_x509_ext_export_subject_alt_names: Added
+gnutls_x509_crl_dist_points_init: Added
+gnutls_x509_crl_dist_points_deinit: Added
+gnutls_x509_crl_dist_points_get: Added
+gnutls_x509_crl_dist_points_set: Added
+gnutls_x509_ext_import_crl_dist_points: Added
+gnutls_x509_ext_export_crl_dist_points: Added
+gnutls_x509_ext_import_name_constraints: Added
+gnutls_x509_ext_export_name_constraints: Added
+gnutls_x509_aia_init: Added
+gnutls_x509_aia_deinit: Added
+gnutls_x509_aia_get: Added
+gnutls_x509_aia_set: Added
+gnutls_x509_ext_import_aia: Added
+gnutls_x509_ext_export_aia: Added
+gnutls_x509_ext_import_subject_key_id: Added
+gnutls_x509_ext_export_subject_key_id: Added
+gnutls_x509_ext_export_authority_key_id: Added
+gnutls_x509_ext_import_authority_key_id: Added
+gnutls_x509_aki_init: Added
+gnutls_x509_aki_get_id: Added
+gnutls_x509_aki_get_cert_issuer: Added
+gnutls_x509_aki_set_id: Added
+gnutls_x509_aki_set_cert_issuer: Added
+gnutls_x509_aki_deinit: Added
+gnutls_x509_ext_import_private_key_usage_period: Added
+gnutls_x509_ext_export_private_key_usage_period: Added
+gnutls_x509_ext_import_basic_constraints: Added
+gnutls_x509_ext_export_basic_constraints: Added
+gnutls_x509_ext_import_key_usage: Added
+gnutls_x509_ext_export_key_usage: Added
+gnutls_x509_ext_import_proxy: Added
+gnutls_x509_ext_export_proxy: Added
+gnutls_x509_policies_init: Added
+gnutls_x509_policies_deinit: Added
+gnutls_x509_policies_get: Added
+gnutls_x509_policies_set: Added
+gnutls_x509_ext_import_policies: Added
+gnutls_x509_ext_export_policies: Added
+gnutls_x509_key_purpose_init: Added
+gnutls_x509_key_purpose_deinit: Added
+gnutls_x509_key_purpose_set: Added
+gnutls_x509_key_purpose_get: Added
+gnutls_x509_ext_import_key_purposes: Added
+gnutls_x509_ext_export_key_purposes: Added
+gnutls_digest_self_test: Added (conditionally)
+gnutls_mac_self_test: Added (conditionally)
+gnutls_pk_self_test: Added (conditionally)
+gnutls_cipher_self_test: Added (conditionally)
+gnutls_global_set_mem_functions: Deprecated
+
+
+* Version 3.2.6 (released 2013-10-31)
+
+** libgnutls: Support for TPM via trousers is now enabled by default.
+
+** libgnutls: Camellia in GCM mode has been added in default priorities, and
+GCM mode is prioritized over CBC in all of the default priority strings.
+
+** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
+
+** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
+Reported by Stefan Buehler.
+
+** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
+
+** libgnutls: Minimum acceptable DH group parameters were increased to 767
+bits from 727.
+
+** libgnutls: Added function to obtain random data from PKCS #11 tokens.
+Contributed by Wolfgang Meyer zu Bergsten.
+
+** gnulib: updated.
+
+** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
+previous fix. Reported by Tomas Mraz.
+
+** p11tool: Added option generate-random.
+
+** API and ABI modifications:
+gnutls_pkcs11_token_get_random: Added
+
+
+* Version 3.2.5 (released 2013-10-23)
+
+** libgnutls: Documentation and build-time fixes.
+
+** libgnutls: Allow the generation of DH groups of less than 700 bits.
+
+** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC,
+as well as Camellia with GCM.
+
+** libdane: Added interfaces to allow initialization of dane_query_t from
+external DNS resolutions, and to allow direct verification of a certificate
+chain against a dane_query_t. Contributed by Christian Grothoff.
+
+** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
+triggered by a DNS server supplying more than 4 DANE records. Report and fix
+by Christian Grothoff.
+
+** srptool: Fixed index command line option. Patch by Attila Molnar.
+
+** gnutls-cli: Added support for inline commands, using the
+--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
+
+** certtool: pathlen constraint is now read correctly. Reported by
+Christoph Seitz.
+
+** API and ABI modifications:
+gnutls_certificate_get_crt_raw: Added
+dane_verify_crt_raw: Added
+dane_raw_tlsa: Added
+
+
+* Version 3.2.4 (released 2013-08-31)
+
+** libgnutls: Fixes when session tickets and session DB are used.
+Report and initial patch by Stefan Buehler.
+
+** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner,
+based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH.
+
+** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch
+by Stefan Buehler.
+
+** libgnutls: Added the PFS priority string option.
+
+** libgnutls: Gnulib included files are strictly LGPLv2.
+
+** libgnutls: Corrected gnutls_certificate_server_set_request().
+Reported by Petr Pisar.
+
+** API and ABI modifications:
+gnutls_record_set_timeout: Exported
+
+
+* Version 3.2.3 (released 2013-07-30)
+
+** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler.
+
+** libgnutls: Solve issue with received TLS packets that exceed 2^14.
+(this fixes a bug that was accidentally introduced in 3.2.2)
+
+** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be
+used by the library.
+
+** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by
+Alfredo Pironti.
+
+** API and ABI modifications:
+gnutls_priority_kx_list: Added
+gnutls_priority_mac_list: Added
+gnutls_priority_cipher_list: Added
+
+
+* Version 3.2.2 (released 2013-07-14)
+
+** libgnutls: Several optimizations in the related to packet processing
+subsystems.
+
+** libgnutls: DTLS replay detection can now be disabled (to be used
+in certain transport layers like SCTP).
+
+** libgnutls: Fixes in SRTP extension generation when MKI is being
+used.
+
+** libgnutls: Added ability to set hooks before or after sending or receiving
+any handshake message with gnutls_handshake_set_hook_function().
+
+** API and ABI modifications:
+GNUTLS_NO_REPLAY_PROTECTION: Added
+gnutls_certificate_set_trust_list: Added
+gnutls_cipher_get_tag_size: Added
+gnutls_record_overhead_size: Added
+gnutls_est_record_overhead_size: Added
+gnutls_handshake_set_hook_function: Added
+gnutls_handshake_description_get_name: Added
+gnutls_digest_list: Added
+gnutls_digest_get_id: Added
+gnutls_digest_get_name: Added
+
+
+* Version 3.2.1 (released 2013-06-01)
+
+** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
+openssl versions.
+
+** libgnutls: Fixes in interrupted function resumption. Report
+and patch by Tim Kosse.
+
+** libgnutls: Corrected issue when receiving client hello verify requests
+in DTLS.
+
+** libgnutls: Fixes in DTLS record overhead size calculations.
+
+** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
+by Mann Ern Kang.
+
+** API and ABI modifications:
+gnutls_session_set_id: Added
+
+
+* Version 3.2.0 (released 2013-05-10)
+
+** libgnutls: Use nettle's elliptic curve implementation.
+
+** libgnutls: Added Salsa20 cipher
+
+** libgnutls: Added UMAC-96 and UMAC-128
+
+** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
+As they are not standardized they are defined using private ciphersuite
+numbers.
+
+** libgnutls: Added support for DTLS 1.2.
+
+** libgnutls: Added support for the Application Layer Protocol Negotiation
+(ALPN) extension.
+
+** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
+
+** libgnutls: Avoid linking to librt (that also avoids unnecessary
+linking to pthreads if p11-kit isn't used).
+
+** API and ABI modifications:
+gnutls_cipher_get_iv_size: Added
+gnutls_hmac_set_nonce: Added
+gnutls_mac_get_nonce_size: Added
+
+
+* Version 3.1.10 (released 2013-03-22)
+
+** certtool: When generating PKCS #12 files use by default the
+ARCFOUR (RC4) cipher to be compatible with devices that don't
+support AES with PKCS #12.
+
+** libgnutls: Load CA certificates in android 4.x systems.
+
+** libgnutls: Optimized CA certificate loading.
+
+** libgnutls: Private keys are overwritten on deinitialization.
+
+** libgnutls: PKCS #11 slots are scanned only when needed, not
+on initialization. This speeds up gnutls initialization when smart
+cards are present.
+
+** libgnutls: Corrected issue in the (deprecated) external key
+signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.
+
+** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
+Joke de Buhr.
+
+** libgnutls-dane: Updated DANE verification options.
+
+** configure: Trust store file must be explicitly set or unset when
+cross compiling.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_issuer_dn2: Added
+gnutls_x509_crt_get_dn2: Added
+gnutls_x509_crl_get_issuer_dn2: Added
+gnutls_x509_crq_get_dn2: Added
+gnutls_x509_trust_list_remove_trust_mem: Added
+gnutls_x509_trust_list_remove_trust_file: Added
+gnutls_x509_trust_list_remove_cas: Added
+gnutls_session_get_desc: Added
+gnutls_privkey_sign_raw_data: Added
+gnutls_privkey_status: Added
+
+
+* Version 3.1.9 (released 2013-02-27)
+
+** certtool: Option --to-p12 will now ask for a password to generate
+a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.
+
+** libgnutls: Corrected issue in gnutls_pubkey_verify_data().
+
+** libgnutls: Corrected parsing issue in XMPP within a subject
+alternative name. Reported by James Cloos.
+
+** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
+modules, and not only the ones loaded via p11-kit.
+
+** libgnutls: Added function to check whether the private key is
+still available (inserted).
+
+** libgnutls: Try to detect fork even during nonce generation.
+
+** API and ABI modifications:
+gnutls_handshake_set_random: Added
+gnutls_transport_set_int2: Added
+gnutls_transport_get_int2: Added
+gnutls_transport_get_int: Added
+gnutls_record_cork: Exported
+gnutls_record_uncork: Exported
+gnutls_pkcs11_privkey_status: Added
+
+
+* Version 3.1.8 (released 2013-02-10)
+
+** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return
+GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
+with encrypted keys. Reported by Yan Fiz.
+
+** libgnutls: The minimum DH bits accepted by priorities NORMAL and
+PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
+Elio Petteno.
+
+** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
+to operate with long keys. Reported by Erik A Jensen.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.1.7 (released 2013-02-04)
+
+** certtool: Added option "dn" which allows to directly set the DN
+in a template from an RFC4514 string.
+
+** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.
+
+** libgnutls-xssl: Added a new library to simplify GnuTLS usage.
+
+** libgnutls-dane: Added function to specify a DLV file.
+
+** libgnutls: Heartbeat code was made optional.
+
+** libgnutls: Fixes in server side of DTLS-0.9.
+
+** libgnutls: DN variable 'T' was expanded to 'title'.
+
+** libgnutls: Fixes in record padding parsing to prevent a timing attack.
+Issue reported by Kenny Paterson and Nadhem Alfardan.
+
+** libgnutls: Added functions to directly set the DN in a certificate
+or request from an RFC4514 string.
+
+** libgnutls: Optimizations in the random generator. The re-seeding of
+it is now explicitly done on every session deinit.
+
+** libgnutls: Simplified the DTLS sliding window implementation.
+
+** libgnutls: The minimum DH bits accepted by a client are now set
+by the specified priority string. The current values correspond to the
+previous defaults (727 bits), except for the SECURE128 and SECURE192
+strings which increase the minimum to 1248 and 1776 respectively.
+
+** libgnutls: Added the gnutls_record_cork() and uncork API to enable
+buffering in sending application data.
+
+** libgnutls: Removed default random padding, and added a length-hiding interface
+instead. Both the server and the client must support this extension. Whether
+length-hiding can be used on a given session can be checked using
+gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.
+
+** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
+a new padding mechanism in TLS allowing arbitrary padding in TLS records
+in all ciphersuites, which makes length-hiding more efficient and solves
+the issues with timing attacks on CBC ciphersuites.
+
+** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
+ciphers (i.e., AES-GCM). Reported by William McGovern.
+
+** API and ABI modifications:
+gnutls_db_check_entry_time: Added
+gnutls_record_set_timeout: Added
+gnutls_record_get_random_padding_status: Added
+gnutls_x509_crt_set_dn: Added
+gnutls_x509_crt_set_issuer_dn: Added
+gnutls_x509_crq_set_dn: Added
+gnutls_range_split: Added
+gnutls_record_send_range: Added
+gnutls_record_set_max_empty_records: Added
+gnutls_record_can_use_length_hiding: Added
+gnutls_rnd_refresh: Added
+xssl_deinit: Added
+xssl_flush: Added
+xssl_read: Added
+xssl_getdelim: Added
+xssl_write: Added
+xssl_printf: Added
+xssl_sinit: Added
+xssl_client_init: Added
+xssl_server_init: Added
+xssl_get_session: Added
+xssl_get_verify_status: Added
+xssl_cred_init: Added
+xssl_cred_deinit: Added
+dane_state_set_dlv_file: Added
+GNUTLS_SEC_PARAM_EXPORT: Added
+GNUTLS_SEC_PARAM_VERY_WEAK: Added
+
+
+* Version 3.1.6 (released 2013-01-02)
+
+** libgnutls: Fixed record padding parsing issue. Reported by Kenny
+Paterson and Nadhem Alfardan.
+
+** libgnutls: Several updates in the ASN.1 string handling subsystem.
+
+** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero
+policy qualifiers.
+
+** libgnutls: Ignore heartbeat messages when received out-of-order,
+instead of issuing an error.
+
+** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
+by Kikuchi Masashi.
+
+** libgnutls: TPM support is disabled by default because GPL programs
+cannot link with it. Use --with-tpm to enable it.
+
+** libgnutls-guile: Fixed parallel compilation issue.
+
+** gnutls-cli: It will try to connect to all possible returned addresses
+before failing.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.1.5 (released 2012-11-24)
+
+** libgnutls: Added functions to parse the certificates policies
+extension.
+
+** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
+Name by translating it to UTF-8 (works on windows or systems with iconv).
+
+** libgnutls: Added PKCS #11 key generation function that returns the
+public key on generation.
+
+** libgnutls: Corrected bug in priority string parsing, that mostly
+affected combined levels. Patch by Tim Kosse.
+
+** certtool: The --pubkey-info option can be combined with the
+--load-privkey or --load-request to print the corresponding public keys.
+
+** certtool: It is able to set certificate policies via a template.
+
+** certtool: Added --hex-numbers option which prints big numbers in
+an easier to parse format.
+
+** p11tool: After key generation, outputs the public key (useful in
+tokens that do not store the public key).
+
+** danetool: It is being built even without libgnutls-dane (the
+--check functionality is disabled though).
+
+** API and ABI modifications:
+gnutls_pkcs11_privkey_generate2: Added
+gnutls_x509_crt_get_policy: Added
+gnutls_x509_crt_set_policy: Added
+gnutls_x509_policy_release: Added
+gnutls_pubkey_import_x509_crq: Added
+gnutls_pubkey_print: Added
+GNUTLS_CRT_PRINT_FULL_NUMBERS: Added
+
+
+* Version 3.1.4 (released 2012-11-10)
+
+** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
+the available revocation data validity.
+
+** libgnutls: Added gnutls_certificate_verification_status_print(),
+a function to print the verification status code in human readable text.
+
+** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.
+
+** libgnutls: Simplified certificate verification by adding
+gnutls_certificate_verify_peers3().
+
+** libgnutls: Added support for extension to establish keys for SRTP.
+Contributed by Martin Storsjo.
+
+** libgnutls: The X.509 verification functions check the key
+usage bits and pathlen constraints and on failure output
+GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.
+
+** libgnutls: gnutls_x509_crl_verify() includes the time checks.
+
+** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN
+and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.
+
+** libgnutls: Always tolerate key usage violation errors from the side
+of the peer, but also notify via an audit message.
+
+** gnutls-cli: Added --local-dns option.
+
+** danetool: Corrected bug that prevented loading PEM files.
+
+** danetool: Added --check option to allow querying and verifying
+a site's DANE data.
+
+** libgnutls-dane: Added pkg-config file for the library.
+
+** API and ABI modifications:
+gnutls_session_get_id2: Added
+gnutls_sign_is_secure: Added
+gnutls_certificate_verify_peers3: Added
+gnutls_ocsp_status_request_is_checked: Added
+gnutls_certificate_verification_status_print: Added
+gnutls_srtp_set_profile: Added
+gnutls_srtp_set_profile_direct: Added
+gnutls_srtp_get_selected_profile: Added
+gnutls_srtp_get_profile_name: Added
+gnutls_srtp_get_profile_id: Added
+gnutls_srtp_get_keys: Added
+gnutls_srtp_get_mki: Added
+gnutls_srtp_set_mki: Added
+gnutls_srtp_profile_t: Added
+dane_cert_type_name: Added
+dane_match_type_name: Added
+dane_cert_usage_name: Added
+dane_verification_status_print: Added
+GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
+GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
+GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
+GNUTLS_CERT_UNEXPECTED_OWNER: Added
+GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added
+
+
+* Version 3.1.3 (released 2012-10-12)
+
+** libgnutls: Added support for the OCSP Certificate Status
+extension.
+
+** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
+certificate status extension in verification.
+
+** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().
+
+** libgnutls: Increased maximum password length in the PKCS #12
+functions.
+
+** libgnutls: Fixed the receipt of session tickets during session resumption.
+Reported by danblack at http://savannah.gnu.org/support/?108146
+
+** libgnutls: Added functions to export structures in an allocated buffer.
+
+** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
+response corresponds to the given certificate.
+
+** libgnutls: In client side gnutls_init() enables the session ticket and
+OCSP certificate status request extensions by default. The flag
+GNUTLS_NO_EXTENSIONS can be used to prevent that.
+
+** libgnutls: Several updates in the OpenPGP code. The generating code
+is fully RFC6091 compliant and RFC5081 support is only supported in client
+mode.
+
+** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
+certificate verification.
+
+** gnutls-cli: Added --dane option to enable DANE certificate verification.
+
+** danetool: Added tool to generate DANE TLSA Resource Records (RR).
+
+** API and ABI modifications:
+gnutls_certificate_get_peers_subkey_id: Added
+gnutls_certificate_set_ocsp_status_request_function: Added
+gnutls_certificate_set_ocsp_status_request_file: Added
+gnutls_ocsp_status_request_enable_client: Added
+gnutls_ocsp_status_request_get: Added
+gnutls_ocsp_resp_check_crt: Added
+gnutls_dh_params_export2_pkcs3: Added
+gnutls_pubkey_export2: Added
+gnutls_x509_crt_export2: Added
+gnutls_x509_dn_export2: Added
+gnutls_x509_crl_export2: Added
+gnutls_pkcs7_export2: Added
+gnutls_x509_privkey_export2: Added
+gnutls_x509_privkey_export2_pkcs8: Added
+gnutls_x509_crq_export2: Added
+gnutls_openpgp_crt_export2: Added
+gnutls_openpgp_privkey_export2: Added
+gnutls_pkcs11_obj_export2: Added
+gnutls_pkcs12_export2: Added
+gnutls_pubkey_import_openpgp_raw: Added
+gnutls_pubkey_import_x509_raw: Added
+dane_state_init: Added
+dane_state_deinit: Added
+dane_query_tlsa: Added
+dane_query_status: Added
+dane_query_entries: Added
+dane_query_data: Added
+dane_query_deinit: Added
+dane_verify_session_crt: Added
+dane_verify_crt: Added
+dane_strerror: Added
+
+
+* Version 3.1.2 (released 2012-09-26)
+
+** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
+and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
+of certificates in the windows platform.
+
+** libgnutls: Corrected bug in OpenPGP subpacket encoding.
+
+** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
+(the work was done during Google Summer of Code).
+
+** libgnutls: Added X.509 certificate verification flag
+GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
+of unsorted certificate chains and is enabled by default for
+TLS certificate verification (if gnutls_certificate_set_verify_flags()
+does not override it).
+
+** libgnutls: Prints warning on certificates that contain keys of
+an insecure level. If the %COMPAT priority flag is not specified
+the TLS connection fails.
+
+** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
+if interrupted during the retrasmition of handshake data.
+
+** libgnutls: Better mingw32 support (patch by LRN).
+
+** libgnutls: The %COMPAT keyword, if specified, will tolerate
+key usage violation errors (they are far too common to ignore).
+
+** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
+which provides a tool to counter compression-related attacks where
+parts of the data are controlled by the attacker _and_ are placed in
+separate records (use with care - do not use compression if not sure).
+
+** libgnutls: Depends on libtasn1 2.14 or later.
+
+** certtool: Prints the number of bits of the public key algorithm
+parameter in a private key.
+
+** API and ABI modifications:
+gnutls_x509_privkey_get_pk_algorithm2: Added
+gnutls_heartbeat_ping: Added
+gnutls_heartbeat_pong: Added
+gnutls_heartbeat_allowed: Added
+gnutls_heartbeat_enable: Added
+gnutls_heartbeat_set_timeouts: Added
+gnutls_heartbeat_get_timeout: Added
+GNUTLS_SEC_PARAM_WEAK: Added
+GNUTLS_SEC_PARAM_INSECURE: Added
+
+* Version 3.1.1 (released 2012-09-02)
+
+** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.
+
+** certtool: Changes in password handling of certtool.
+Ask password when required and only if the '--password' option is not
+given. If the '--password' option is given during key generation then
+assume the PKCS #8 file format, instead of ignoring the password.
+
+** tpmtool: No longer asks for key password in registered keys.
+
+** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin.
+wmNAF is now used for point multiplication and other optimizations.
+(the major part of the work was done during Google Summer of Code).
+
+** libgnutls: The default pull_timeout_function only uses select
+instead of a combination of select() and recv() to prevent issues
+when used in stream sockets in some systems.
+
+** libgnutls: Be tolerant in ECDSA signature violations (e.g. using
+SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
+openssl.
+
+** libgnutls: Fixed DSA and ECDSA signature generation in smart
+cards. Thanks to Andreas Schwier from cardcontact.de for providing
+me with ECDSA capable smart cards.
+
+** API and ABI modifications:
+gnutls_sign_algorithm_get: Added
+gnutls_sign_get_hash_algorithm: Added
+gnutls_sign_get_pk_algorithm: Added
+
+
+* Version 3.1.0 (released 2012-08-15)
+
+** libgnutls: Added direct support for TPM as a cryptographic module
+in gnutls/tpm.h. TPM keys can be used in functions accepting files
+using URLs of the following types:
+ tpmkey:file=/path/to/file
+ tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user
+
+** libgnutls: Priority string level keywords can be combined.
+For example the string "SECURE256:+SUITEB128" is now allowed.
+
+** libgnutls: requires libnettle 2.5.
+
+** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
+for encryption and signatures.
+
+** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
+generic errors and signature verification errors in the verification
+functions.
+
+** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
+to simplify parsing in most PKCS #12 use cases.
+
+** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
+the whole certificate chain (if any) to the credentials structure, instead
+of only the end-user certificate.
+
+** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
+and gnutls_x509_privkey_import_pkcs8(), return consistently
+GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
+password was provided.
+
+** libgnutls: Added gnutls_handshake_set_timeout() a function that
+allows to set the maximum time spent in a handshake.
+
+** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
+by Alexandre Bique.
+
+** tpmtool: Added. It is a tool to generate private keys in the
+TPM.
+
+** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
+and --benchmark-tls-ciphers
+
+** certtool: generated PKCS #12 structures may hold more than one
+private key. Patch by Lucas Fisher.
+
+** certtool: Added option --null-password to generate/decrypt keys
+that use a NULL password (in schemas that distinguish between NULL
+an empty passwords).
+
+** minitasn1: Upgraded to libtasn1 version 2.13.
+
+** API and ABI modifications:
+GNUTLS_CERT_SIGNATURE_FAILURE: Added
+GNUTLS_CAMELLIA_192_CBC: Added
+GNUTLS_PKCS_NULL_PASSWORD: Added
+gnutls_url_is_supported: Added
+gnutls_pkcs11_obj_list_import_url2: Added
+gnutls_pkcs11_obj_set_pin_function: Added
+gnutls_pkcs11_privkey_set_pin_function: Added
+gnutls_pkcs11_get_pin_function: Added
+gnutls_privkey_import_tpm_raw: Added
+gnutls_privkey_import_tpm_url: Added
+gnutls_privkey_import_pkcs11_url: Added
+gnutls_privkey_import_openpgp_raw: Added
+gnutls_privkey_import_x509_raw: Added
+gnutls_privkey_import_ext2: Added
+gnutls_privkey_import_url: Added
+gnutls_privkey_set_pin_function: Added
+gnutls_tpm_privkey_generate: Added
+gnutls_tpm_key_list_deinit: Added
+gnutls_tpm_key_list_get_url: Added
+gnutls_tpm_get_registered: Added
+gnutls_tpm_privkey_delete: Added
+gnutls_pubkey_import_tpm_raw: Added
+gnutls_pubkey_import_tpm_url: Added
+gnutls_pubkey_import_url: Added
+gnutls_pubkey_verify_hash2: Added
+gnutls_pubkey_set_pin_function: Added
+gnutls_x509_privkey_import2: Added
+gnutls_x509_privkey_import_openssl: Added
+gnutls_x509_crt_set_pin_function: Added
+gnutls_load_file: Added
+gnutls_pkcs12_simple_parse: Added
+gnutls_certificate_set_x509_system_trust: Added
+gnutls_certificate_set_pin_function: Added
+gnutls_x509_trust_list_add_system_trust: Added
+gnutls_x509_trust_list_add_trust_file: Added
+gnutls_x509_trust_list_add_trust_mem: Added
+gnutls_pk_to_sign: Added
+gnutls_handshake_set_timeout: Added
+gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
+gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
+
+
+* Version 3.0.22 (released 2012-08-04)
+
+** libgnutls: gnutls_certificate_set_x509_system_trust()
+is now supported on OpenBSD.
+
+** libgnutls: When verifying a certificate chain make sure it is chain.
+If the chain is wronly interrupted at some point then truncate it,
+and only try to verify the correct part. Patch by David Woodhouse
+
+** libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8()
+which now may (again) accept a NULL password.
+
+** certtool: Allow the user to choose the hash algorithm
+when signing certificate request or certificate revocation list.
+Patch by Petr Písař.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.21 (released 2012-07-02)
+
+** libgnutls: fixed bug in gnutls_x509_privkey_import()
+that prevented the loading of EC private keys when DER
+encoded. Reported by David Woodhouse.
+
+** libgnutls: In DTLS larger to mtu records result to
+GNUTLS_E_LARGE_PACKET instead of being truncated.
+
+** libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
+on patch by David Woodhouse.
+
+** libgnutls: Fixed memory leak in PKCS #8 key import.
+
+** libgnutls: Added support for an old version of the DTLS protocol
+used by openconnect vpn client for compatibility with Cisco's AnyConnect
+SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
+as it has issues.
+
+** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
+if only the label is specified. Patch by David Woodhouse.
+
+** libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
+is returned.
+
+** API and ABI modifications:
+gnutls_dtls_set_data_mtu: Added
+gnutls_session_set_premaster: Added
+
+
+* Version 3.0.20 (released 2012-06-05)
+
+** libgnutls: Corrected bug which prevented the parsing of
+handshake packets spanning multiple records.
+
+** libgnutls: Check key identifiers when checking for an issuer.
+
+** libgnutls: Added gnutls_pubkey_verify_hash2()
+
+** libgnutls: Added gnutls_certificate_set_x509_system_trust()
+that loads the trusted CA certificates from system locations
+(e.g. trusted storage in windows and CA bundle files in other systems).
+
+** certtool: Added support for the URI subject alternative
+name type in certtool.
+
+** certtool: Increase to 128 the maximum number of distinct options
+(e.g. dns_names) allowed.
+
+** gnutls-cli: If --print-cert is given, print the certificate,
+even on verification failure.
+
+** API and ABI modifications:
+gnutls_pk_to_sign: Added
+gnutls_pubkey_verify_hash2: Added
+gnutls_certificate_set_x509_system_trust: Added
+
+
+* Version 3.0.19 (released 2012-04-22)
+
+** libgnutls: When decoding a PKCS #11 URL the pin-source field
+is assumed to be a file that stores the pin. Based on patch
+by David Smith.
+
+** libgnutls: gnutls_record_check_pending() no longer
+returns unprocessed data, and thus ensure the non-blocking
+of the next call to gnutls_record_recv().
+
+** libgnutls: Added strict tests in Diffie-Hellman and
+SRP key exchange public keys.
+
+** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less
+strict in hash selection, and allow a stronger hash to
+be used than the appropriate, to improve interoperability
+with openssl.
+
+** tests: Disabled floating point test, and corrections
+in pkcs12 decoding tests.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.18 (released 2012-04-02)
+
+** certtool: Avoid a Y2K38 bug when generating certificates.
+Patch by Robert Millan.
+
+** libgnutls: Make sure that GNUTLS_E_PREMATURE_TERMINATION
+is returned on premature termination (and added unit test).
+
+** libgnutls: Fixes for W64 API. Patch by B. Scott Michel.
+
+** libgnutls: Corrected VIA padlock detection for old
+VIA processors. Reported by Kris Karas.
+
+** libgnutls: Updated assembler files.
+
+** libgnutls: Time in generated certificates is stored
+as GeneralizedTime instead of UTCTime (which only stores
+2 digits of a year).
+
+** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
+
+** API and ABI modifications:
+gnutls_x509_crt_set_private_key_usage_period: Added
+gnutls_x509_crt_get_private_key_usage_period: Added
+gnutls_x509_crq_set_private_key_usage_period: Added
+gnutls_x509_crq_get_private_key_usage_period: Added
+gnutls_session_get_random: Added
+
+
+* Version 3.0.17 (released 2012-03-17)
+
+** command line apps: Always link with local libopts.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.16 (released 2012-03-16)
+
+** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release).
+
+** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.
+
+** libgnutls: included assembler files for MacOSX.
+
+** p11tool: Small fixes in handling of the --private command
+line option.
+
+** certtool: The template option allows for setting the domain
+component (DC) option of the distinguished name, and the ocsp_uri
+as well as the ca_issuers_uri options.
+
+** API and ABI modifications:
+gnutls_x509_crt_set_authority_info_access: Added
+
+
+* Version 3.0.15 (released 2012-03-02)
+
+** test suite: Only run under valgrind in the development
+system (the full git repository)
+
+** command line apps: Link with local libopts if the
+installed is an old one.
+
+** libgnutls: Eliminate double free during SRP
+authentication. Reported by Peter Penzov.
+
+** libgnutls: Corrections in record packet parsing.
+Reported by Matthew Hall.
+
+** libgnutls: Cryptodev updates and fixes.
+
+** libgnutls: Corrected issue with select() that affected
+FreeBSD. This prevented establishing DTLS sessions.
+Reported by Andreas Metzler.
+
+** libgnutls: Corrected rehandshake and resumption
+operations in DTLS. Reported by Sean Buckheister.
+
+** libgnutls: PKCS #11 objects that do not have ID
+no longer crash listing. Reported by Sven Geggus.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.14 (released 2012-02-24)
+
+** command line apps: Included libopts doesn't get installed
+by default.
+
+** libgnutls: Eliminate double free on wrongly formatted
+certificate list. Reported by Remi Gacogne.
+
+** libgnutls: cryptodev code corrected, updated to account
+for hashes and GCM mode.
+
+** libgnutls: Eliminated memory leak in PCKS #11 initialization.
+Report and fix by Sam Varshavchik.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.13 (released 2012-02-18)
+
+** gnutls-cli: added the --ocsp option which will verify
+the peer's certificate with OCSP.
+
+** gnutls-cli: added the --tofu option and if specified, gnutls-cli
+will use an ssh-style authentication method.
+
+** gnutls-cli: if no --x509cafile is provided a default is
+assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
+
+** ocsptool: Added --ask parameter, to verify a certificate's
+status from an ocsp server.
+
+** command line apps: Use gnu autogen (libopts) to parse command
+line arguments and template files.
+
+** tests: Added stress test for DTLS packet losses and
+out-of-order receival. Contributed by Sean Buckheister.
+
+** libgnutls: Several updates and corrections in the DTLS
+DTLS lost packet handling and retransmission timeouts.
+Report and patches by Sean Buckheister.
+
+** libgnutls: Added new functions to easily allow the usage of
+a trust on first use (SSH-style) authentication.
+
+** libgnutls: SUITEB128 and SUITEB192 priority strings account
+for the RFC6460 requirements.
+
+** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY
+to account for security level of 96-bits.
+
+** libgnutls: In client side if server does not advertise any
+known CAs and only a single certificate is set in the credentials,
+sent that one.
+
+** libgnutls: Added functions to parse authority key identifiers
+when stored as a 'general name' and serial combo.
+
+** libgnutls: Added function to force explicit reinitialization
+of PKCS #11 modules. This is required on the child process after
+a fork (if PKCS #11 functionality is desirable).
+
+** libgnutls: Depend on p11-kit 0.11.
+
+** API and ABI modifications:
+gnutls_dtls_get_timeout: Added
+gnutls_verify_stored_pubkey: Added
+gnutls_store_pubkey: Added
+gnutls_store_commitment: Added
+gnutls_x509_crt_get_authority_key_gn_serial: Added
+gnutls_x509_crl_get_authority_key_gn_serial: Added
+gnutls_pkcs11_reinit: Added
+gnutls_ecc_curve_list: Added
+gnutls_priority_certificate_type_list: Added
+gnutls_priority_sign_list: Added
+gnutls_priority_protocol_list: Added
+gnutls_priority_compression_list: Added
+gnutls_priority_ecc_curve_list: Added
+gnutls_tdb_init: Added
+gnutls_tdb_set_store_func: Added
+gnutls_tdb_set_store_commitment_func: Added
+gnutls_tdb_set_verify_func: Added
+gnutls_tdb_deinit: Added
+
+
+* Version 3.0.12 (released 2012-01-20)
+
+** libgnutls: Added OCSP support.
+There is a new header file gnutls/ocsp.h and a set of new functions
+under the gnutls_ocsp namespace. Currently the functionality provided
+is to parse and extract information from OCSP requests/responses, to
+generate OCSP requests and to verify OCSP responses. See the manual
+for more information. Run ./configure with --disable-ocsp to build
+GnuTLS without OCSP support.
+
+This work was sponsored by Smoothwall <http://smoothwall.net/>.
+
+** ocsptool: Added new command line tool.
+The tool can parse OCSP request/responses, generate OCSP requests and
+verify OCSP responses. See the manual for more information.
+
+** certtool: --outder option now works for private
+and public keys as well.
+
+** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
+to warn when no or insufficient priorities were set.
+
+** libgnutls: Corrected an alignment issue in ECDH
+key generation which prevented some keys from being
+correctly aligned in rare circumstances.
+
+** libgnutls: Corrected memory leaks in DH parameter
+generation and ecc_projective_check_point().
+
+** libgnutls: Added gnutls_x509_dn_oid_name() to
+return a descriptive name of a DN OID.
+
+** API and ABI modifications:
+gnutls_pubkey_encrypt_data: Added
+gnutls_x509_dn_oid_name: Added
+gnutls_session_resumption_requested: Added
+gnutls/ocsp.h: Added new header file.
+gnutls_ocsp_print_formats_t: Added new type.
+gnutls_ocsp_resp_status_t: Added new type.
+gnutls_ocsp_cert_status_t: Added new type.
+gnutls_x509_crl_reason_t: Added new type.
+gnutls_ocsp_req_add_cert: Added.
+gnutls_ocsp_req_add_cert_id: Added.
+gnutls_ocsp_req_deinit: Added.
+gnutls_ocsp_req_export: Added.
+gnutls_ocsp_req_get_cert_id: Added.
+gnutls_ocsp_req_get_extension: Added.
+gnutls_ocsp_req_get_nonce: Added.
+gnutls_ocsp_req_get_version: Added.
+gnutls_ocsp_req_import: Added.
+gnutls_ocsp_req_init: Added.
+gnutls_ocsp_req_print: Added.
+gnutls_ocsp_req_randomize_nonce: Added.
+gnutls_ocsp_req_set_extension: Added.
+gnutls_ocsp_req_set_nonce: Added.
+gnutls_ocsp_resp_deinit: Added.
+gnutls_ocsp_resp_export: Added.
+gnutls_ocsp_resp_get_certs: Added.
+gnutls_ocsp_resp_get_extension: Added.
+gnutls_ocsp_resp_get_nonce: Added.
+gnutls_ocsp_resp_get_produced: Added.
+gnutls_ocsp_resp_get_responder: Added.
+gnutls_ocsp_resp_get_response: Added.
+gnutls_ocsp_resp_get_signature: Added.
+gnutls_ocsp_resp_get_signature_algorithm: Added.
+gnutls_ocsp_resp_get_single: Added.
+gnutls_ocsp_resp_get_status: Added.
+gnutls_ocsp_resp_get_version: Added.
+gnutls_ocsp_resp_import: Added.
+gnutls_ocsp_resp_init: Added.
+gnutls_ocsp_resp_print: Added.
+gnutls_ocsp_resp_verify: Added.
+
+* Version 3.0.11 (released 2012-01-06)
+
+** libgnutls: Corrected functionality of
+gnutls_record_get_direction(). Reported by Philip Allison.
+
+** libgnutls: Provide less timing information when decoding
+TLS/DTLS record packets. Patch by Nadhem Alfardan.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.10 (released 2012-01-04)
+
+** gnutls-cli/serv: Set don't fragment bit in DTLS sessions
+in Linux as well as in BSD.
+
+** gnutls-cli: Fixed reading from windows terminals.
+
+** libgnutls: When GNUTLS_OPENPGP_FMT_BASE64 is specified
+the stream is assumed to be base64 encoded (previously
+the encoding was auto-detected). This avoids a decoding
+issue in windows systems.
+
+** libgnutls: Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384
+
+** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384
+and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384.
+
+** libgnutls: Added function gnutls_random_art() to convert
+fingerprints to images (currently ascii-art).
+
+** libgnutls: Corrected bug in DSA private key parsing, which
+prevented the verification of the key.
+
+** API and ABI modifications:
+gnutls_random_art: Added
+
+
+* Version 3.0.9 (released 2011-12-13)
+
+** certtool: Added new parameter --dh-info.
+
+** certtool: -l option was overloaded so if combined with --priority
+it will only list the ciphersuites that are enabled by the given
+priority string.
+
+** libgnutls: Added new priority string %SERVER_PRECEDENCE, which
+changes the ciphersuite selection procedure. If specified the server
+priorities will be used for selection instead of the client's.
+
+** libgnutls: Optimizations in Diffie-Hellman parameters generation
+and key exchange.
+
+** libgnutls: When session tickets are negotiated and used in a
+session, a server will not store that session data into its cache.
+
+** libgnutls: Added the SECP192R1 curve.
+
+** libgnutls: Added gnutls_priority_get_cipher_suite_index() to
+allow listing the ciphersuites enabled in a priority structure.
+It outputs an index to be used in gnutls_get_cipher_suite_info().
+
+** libgnutls: Optimizations in the elliptic curve code --timing
+attacks resistant code is only used in ECDSA private key operations.
+
+** doc: man pages for API functions generation was fixed and are
+now added again in the distribution.
+
+** API and ABI modifications:
+GNUTLS_ECC_CURVE_SECP192R1: New curve definition
+gnutls_priority_get_cipher_suite_index: Added
+
+
+* Version 3.0.8 (released 2011-11-12)
+
+** certtool: Certtool -e returns error code on verification
+failure.
+
+** certtool: Verifies parameters of generated keys.
+
+** libgnutls: Corrected ECC key generation (introduced in 3.0.6)
+
+** libgnutls: Provide less timing information when decoding
+TLS/DTLS record packets.
+
+** doc: man pages for API functions were removed.
+The reason was that the code that auto-generated the man pages missed
+many APIs and we couldn't fix it (volunteers welcome). See the info
+manual or the GTK-DOC manual instead.
+
+** API and ABI modifications:
+gnutls_x509_privkey_verify_params: Added
+
+
+* Version 3.0.7 (released 2011-11-08)
+
+** libgnutls: Corrected fix in gnutls_session_get_data()
+to report the actual session size when the provided buffer
+is not enough.
+
+** libgnutls: Fixed ciphersuite GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+which was using a wrong MAC algorithm. Reported by Fabrice Gautier.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.6 (released 2011-11-07)
+
+** gnutls-guile: Compilation fixes.
+
+** libgnutls: Fixed possible buffer overflow in
+gnutls_session_get_data(). Reported and fix by Alban Crequy.
+
+** libgnutls: Bug fixes in the ciphersuites with NULL cipher.
+Reported by Fabrice Gautier.
+
+** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems.
+Thanks to Joseph Graham for providing access to such a system.
+
+** libgnutls: Correctly report ECC private key parsing errors.
+Reported by Fabrice Gautier.
+
+** libgnutls: In ECDHE verify that the received point lies on
+the selected curve. The ECDHE ciphersuites now take precendence
+to plain DHE.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.5 (released 2011-10-27)
+
+** libgnutls-extra: is no more
+
+** libgnutls: Corrections in order to compile with mingw32.
+
+** libgnutls: Corrections in VIA padlock code for VIA C5 processor
+and new detection of PHE with support for partial hashing.
+
+** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix
+by Vincent Untz.
+
+** minitasn1: Upgraded to libtasn1 version 2.10.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 3.0.4 (released 2011-10-15)
+
+** libgnutls-extra: gnutls_register_md5_handler() was
+removed.
+
+** gnutls-cli-debug: Added more tests including AES-GCM,
+SHA256 and elliptic curves.
+
+** gnutls-cli: Added --benchmark-soft-ciphers to benchmark
+the software version of the ciphers instead of hw accelerated
+(where available)
+
+** libgnutls: Public key ID calculation is consistent among
+all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo.
+
+** libgnutls: gnutls_privkey_t allows setting external callback
+to perform signing or decryption. Can be set using
+gnutls_privkey_import_ext()
+
+** libgnutls: A certificate credentials structure can be
+used with a gnutls_privkey_t and a gnutls_pcert_st
+structure using gnutls_certificate_set_key().
+
+** libgnutls: Fixes to enable external signing callback to
+operate with TLS 1.2.
+
+** libgnutls: Fixed crash when printing ECDSA certificate key
+ID. Reported by Erik Jensen.
+
+** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks
+show a 50x increase in AES speed and a 14x increase in VIA nano. Added
+support for hashes and HMACs.
+
+** libgnutls: Compilation fixed when p11-kit is not detected.
+
+** libgnutls: Fixed the deflate compression code.
+
+** libgnutls: Added gnutls_x509_crt_get_authority_info_access.
+Used to get the PKIX Authority Information Access (AIA) field.
+
+** libgnutls: gnutls_x509_crt_print supports printing AIA fields.
+
+** libgnutls: Added ability to gnutls_privkey_t to operate with
+signing callback function.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_authority_info_access (x509.h): Added function.
+gnutls_privkey_import_ext: Added function.
+gnutls_certificate_set_key: Added function.
+gnutls_info_access_what_t (x509.h): Added enum.
+GNUTLS_OID_AIA (x509.h): Added symbol.
+GNUTLS_OID_AD_OCSP (x509.h): Added symbol.
+GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol.
+
+* Version 3.0.3 (released 2011-09-18)
+
+** libgnutls: Added gnutls_record_get_discarded() to return the
+number of discarded records in a DTLS session.
+
+** libgnutls: All functions related to RSA-EXPORT were deprecated.
+Support for RSA-EXPORT ciphersuites will be ceased in future versions.
+
+** libgnutls: Memory leak fixes in credentials private key
+deinitialization. Reported by Dan Winship.
+
+** libgnutls: Memory leak fixes in ECC ciphersuites.
+
+** libgnutls: Do not send an empty extension structure in server
+hello. This affected old implementations that do not support extensions.
+Reported by J. Cameijo Cerdeira.
+
+** libgnutls: Allow CA importing of 0 certificates to succeed.
+Reported by Jonathan Nieder <jrnieder@gmail.com> in
+<http://bugs.debian.org/640639>.
+
+** libgnutls: Added support for VIA padlock AES optimizations.
+(disabled by default)
+
+** libgnutls: Added support for elliptic curves in
+PKCS #11.
+
+** libgnutls: Added gnutls_pkcs11_privkey_generate()
+to allow generating a key in a token.
+
+** p11tool: Added generate-rsa, generate-dsa and
+generate-ecc options to allow generating private
+keys in the token.
+
+** libgnutls: gnutls_transport_set_lowat dummy macro was
+removed.
+
+** API and ABI modifications:
+gnutls_pkcs11_privkey_generate: Added
+gnutls_pubkey_import_ecc_raw: Added
+gnutls_pubkey_import_ecc_x962: Added
+gnutls_pubkey_get_pk_ecc_x962: Added
+gnutls_record_get_discarded: Added
+
+
+* Version 3.0.2 (released 2011-09-01)
+
+** libgnutls: OpenPGP certificate type is not enabled
+by default.
+
+** libgnutls: Added %NO_EXTENSIONS priority string.
+
+** libgnutls: Corrected issue in gnutls_record_recv()
+triggered on encryption or compression error.
+
+** libgnutls: Compatibility fixes in CPU ID detection
+for i386 and old GCC.
+
+** gnutls-cli: Benchmark applications were incorporated
+with it.
+
+** libgnutls: Corrected parsing of XMPP subject
+alternative names.
+
+** libgnutls: Allow for out-of-order ChangeCipherSpec
+message in DTLS.
+
+** libgnutls: gnutls_certificate_set_x509_key() and
+gnutls_certificate_set_openpgp_key() operate as in 2.10.x
+and allow the release of the private key during the
+lifetime of the certificate structure.
+
+** API and ABI modifications:
+GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag
+
+
+* Version 3.0.1 (released 2011-08-20)
+
+** libgnutls: gnutls_certificate_set_x509_key_file() and
+friends support server name indication. If multiple
+certificates are set using these functions the proper one
+will be selected during a handshake.
+
+** libgnutls: Added AES-256-GCM which was left out from
+the previous release. Reported by Benjamin Hof.
+
+** libgnutls: When asking for a PKCS# 11 PIN multiple
+times, the flags in the callback were not being updated
+to reflect for PIN low count or final try.
+
+** libgnutls: Do not allow second instances of PKCS #11
+modules.
+
+** libgnutls: fixed alignment issue in AES-NI code.
+
+** libgnutls: The config file at gnutls_pkcs11_init()
+is being read if provided.
+
+** libgnutls: Ensure that a certificate list specified
+using gnutls_certificate_set_x509_key() and friends, is
+sorted according to TLS specification (from subject to issuer).
+
+** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+gnutls_x509_crt_list_import. It checks whether the list to be
+imported is properly sorted.
+
+** crywrap: Added to the distribution. It is an application
+that proxies TLS session to a port using a plaintext service.
+
+** doc: Many GTK-DOC improvements.
+
+** i18n: Translations were updated.
+
+** API and ABI modifications:
+GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in gnutls_certificate_import_flags
+GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback
+
+
+* Version 3.0.0 (released 2011-07-29)
+
+** libgnutls: writev_emu: stop on the first incomplete write. Patch by
+Sjoerd Simons.
+
+** libgnutls: Fix zlib handling in gnutls.pc. Patch by Andreas
+Metzler.
+
+** certtool: bug fixes in certificate request generation. Patch
+by Petr Písař.
+
+** API and ABI modifications:
+gnutls_pcert_list_import_x509_raw: ADDED
+
+
+* Version 2.99.4 (released 2011-07-23)
+
+** doc: documentation updates.
+
+** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t
+to avoid thread-safety issues. Reported by Sam Varshavchik.
+
+** libgnutls: Added compatibility mode with /etc/gnutls/pkcs11.conf
+
+** libgnutls: license upgraded to LGPLv3
+
+** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc()
+for consistency.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 2.99.3 (released 2011-06-18)
+
+** libgnutls: Added new PKCS #11 flags to force an object being private or
+not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)
+
+** libgnutls: Added SUITEB128 and SUITEB192 priority
+strings to enable the NSA SuiteB cryptography ciphersuites.
+
+** libgnutls: Added gnutls_pubkey_verify_data2() that will
+verify data provided the signature algorithm.
+
+** libgnutls: Simplified the handling of handshake messages to
+be hashed. Instead of hashing during the handshake process we now
+keep the data until handshake is over and hash them on request.
+This uses more memory but eliminates issues with TLS 1.2 and
+simplifies code.
+
+** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ
+instruction. Uses Andy Polyakov's assembly code.
+
+** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and
+gnutls_x509_trust_list_verify_named_crt() that allow having a
+list of certificates in the trusted list that will be associated
+with a name (e.g. server name) and will not be used as CAs.
+
+** libgnutls: PKCS #11 back-end rewritten to use p11-kit
+http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by
+Stef Walter.
+
+** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489).
+
+** API and ABI modifications:
+gnutls_pubkey_verify_data2: ADDED
+gnutls_ecc_curve_get: ADDED
+gnutls_x509_trust_list_add_named_crt: ADDED
+gnutls_x509_trust_list_verify_named_crt: ADDED
+gnutls_x509_privkey_verify_data: REMOVED
+gnutls_crypto_bigint_register: REMOVED
+gnutls_crypto_cipher_register: REMOVED
+gnutls_crypto_digest_register: REMOVED
+gnutls_crypto_mac_register: REMOVED
+gnutls_crypto_pk_register: REMOVED
+gnutls_crypto_rnd_register: REMOVED
+gnutls_crypto_single_cipher_register: REMOVED
+gnutls_crypto_single_digest_register: REMOVED
+gnutls_crypto_single_mac_register: REMOVED
+GNUTLS_KX_ECDHE_PSK: New key exchange method
+GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
+GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.
+
+
+* Version 2.99.2 (released 2011-05-26)
+
+** libgnutls: Added Elliptic curve support. This is not
+enabled by default. Requires priority strings:
++CURVE-ALL: to add all supported curves
++ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate
++ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate
++ANON-ECDHE: to add anonymous ECDH
+
+** libgnutls: PKCS #11 URLs conform to the latest draft
+being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04.
+
+** certtool: Can now load private keys and public keys from PKCS #11 tokens
+via URLs.
+
+** libgnutls: Added gnutls_global_set_audit_log_function() that allows
+to get important auditing information including the corresponding session.
+That might be useful to block DoS or other attacker from specific IPs.
+
+** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read
+the public key algorithm of the key.
+
+** libgnutls: Added gnutls_certificate_get_issuer() and
+gnutls_x509_trust_list_get_issuer() to compensate for the
+missing gnutls_certificate_get_x509_cas().
+
+** libgnutls: Added gnutls_x509_crq_verify() to allow
+verification of the self signature in a certificate request.
+This allows verifying whether the owner of the private key
+is the generator of the request.
+
+** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies
+the self signature of the request.
+
+** API and ABI modifications:
+gnutls_certificate_get_issuer: ADDED
+gnutls_x509_trust_list_get_issuer: ADDED
+gnutls_x509_crq_verify: ADDED
+gnutls_global_set_audit_log_function: ADDED
+gnutls_ecc_curve_get_name: ADDED
+gnutls_ecc_curve_get_size: ADDED
+gnutls_x509_privkey_import_ecc_raw: ADDED
+gnutls_x509_privkey_export_ecc_raw: ADDED
+gnutls_global_set_time_function: ADDED
+
+GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code
+GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code
+GNUTLS_KX_ECDHE_RSA: New key exchange method
+GNUTLS_KX_ECDHE_ECDSA: New key exchange method
+GNUTLS_KX_ANON_ECDH: New key exchange method
+GNUTLS_PK_ECC: New public key algorithm
+GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm
+GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm
+GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm
+GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
+GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm
+GNUTLS_ECC_CURVE_INVALID: New curve definition
+GNUTLS_ECC_CURVE_SECP224R1: New curve definition
+GNUTLS_ECC_CURVE_SECP256R1: New curve definition
+GNUTLS_ECC_CURVE_SECP384R1: New curve definition
+GNUTLS_ECC_CURVE_SECP521R1: New curve definition
+
+
+* Version 2.99.1 (released 2011-04-23)
+
+** libgnutls: LZO support was removed.
+
+** libgnutls: Corrections in SSLv2 client hello parsing.
+
+** libgnutls: Added support for AES-NI if detected. Uses
+Andy Polyakov's AES-NI code.
+
+** libgnutls: Restored HMAC-MD5 for compatibility. Although considered
+weak, several sites require it for connection. It is enabled for
+"NORMAL" and "PERFORMANCE" priority strings.
+
+** libgnutls: depend on libdl.
+
+** libgnutls-extra: Dropped support of LZO compression via liblzo.
+
+** libgnutls: gnutls_transport_set_global_errno() was removed. This
+function required GnuTLS to access system specific data, for no reason.
+Use gnutls_transport_set_errno(), or your system's errno fascility
+instead.
+
+** libgnutls: Added gnutls_certificate_set_retrieve_function2()
+to set a callback to retrieve a certificate. The certificate is
+received in a format that requires no processing from gnutls thus
+it is suitable when performance is required.
+
+** API and ABI modifications:
+gnutls_transport_set_global_errno: REMOVED
+gnutls_certificate_set_retrieve_function2: ADDED
+
+* Version 2.99.0 (released 2011-04-09)
+
+** libgnutls: Added Datagram TLS support.
+
+** libgnutls: Uses a single configure file and a single
+gnulib library to save space.
+
+** libgnutls: Several bug fixes.
+
+** libgnutls: gnutls_transport_set_lowat() is no more.
+
+** libgnutls-openssl: modified to use modern gnutls' functions.
+This introduces an ABI incompatibility with previous versions.
+
+** libgnutls: Corrected signature generation and verification
+in the Certificate Verify message when in TLS 1.2. Reported
+by Todd A. Ouska.
+
+** libgnutlsxx: The C++ interface returns exception on
+every error and not only on fatal ones. This allows easier
+handling of errors.
+
+** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
+the PSK callback.
+
+** libgnutls: SRP and PSK are no longer set on the default priorities.
+They have to be explicitly set.
+
+** libgnutls: During handshake message verification using DSS
+use the hash algorithm required by it.
+
+** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION
+on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.
+
+** libgnutls: Added GCM mode (interoperates with tls.secg.org)
+
+** libgnutls-extra: Inner application extension was removed.
+It was never standardized nor published as an RFC.
+
+** libgnutls: Added new certificate verification functions, that
+can provide more details and are more efficient. Check
+gnutls_x509_trust_list_*.
+
+** certtool: Uses the new certificate verification functions for
+--verify-chain.
+
+** certtool: Added new certificate verification functionality
+using the --verify option. Combined with --load-ca-certificate
+it can verify a certificate chain against a list of certificates.
+
+** Several files unnecessarily included <gcrypt.h>; this has been fixed.
+
+** API and ABI modifications:
+gnutls_dtls_set_timeouts: ADDED
+gnutls_dtls_get_mtu: ADDED
+gnutls_dtls_get_data_mtu: ADDED
+gnutls_dtls_set_mtu: ADDED
+gnutls_dtls_cookie_send: ADDED
+gnutls_dtls_cookie_verify: ADDED
+gnutls_dtls_prestate_set: ADDED
+gnutls_x509_trust_list_verify_crt: ADDED
+gnutls_x509_trust_list_add_crls: ADDED
+gnutls_x509_trust_list_add_cas: ADDED
+gnutls_x509_trust_list_init: ADDED
+gnutls_x509_trust_list_deinit: ADDED
+gnutls_cipher_add_auth: ADDED
+gnutls_cipher_tag: ADDED
+gnutls_psk_netconf_derive_key: REMOVED
+gnutls_certificate_verify_peers: REMOVED
+gnutls_session_set_finished_function: REMOVED
+gnutls_ext_register: REMOVED
+gnutls_certificate_get_x509_crls: REMOVED
+gnutls_certificate_get_x509_cas: REMOVED
+gnutls_certificate_get_openpgp_keyring: REMOVED
+gnutls_session_get_server_random: REMOVED
+gnutls_session_get_client_random: REMOVED
+gnutls_session_get_master_secret: REMOVED
+gnutls_ia_allocate_client_credentials: REMOVED
+gnutls_ia_allocate_server_credentials: REMOVED
+gnutls_ia_enable: REMOVED
+gnutls_ia_endphase_send: REMOVED
+gnutls_ia_extract_inner_secret: REMOVED
+gnutls_ia_free_client_credentials: REMOVED
+gnutls_ia_free_server_credentials: REMOVED
+gnutls_ia_generate_challenge: REMOVED
+gnutls_ia_get_client_avp_ptr: REMOVED
+gnutls_ia_get_server_avp_ptr: REMOVED
+gnutls_ia_handshake: REMOVED
+gnutls_ia_handshake_p: REMOVED
+gnutls_ia_permute_inner_secret: REMOVED
+gnutls_ia_recv: REMOVED
+gnutls_ia_send: REMOVED
+gnutls_ia_set_client_avp_function: REMOVED
+gnutls_ia_set_client_avp_ptr: REMOVED
+gnutls_ia_set_server_avp_function: REMOVED
+gnutls_ia_set_server_avp_ptr: REMOVED
+gnutls_ia_verify_endphase: REMOVED
+
+
+* Version 2.12.2 (released 2011-04-08)
+
+** libgnutls: Several updates and fixes for win32. Patches by LRN.
+
+** libgnutls: Several bug and memory leak fixes.
+
+** srptool: Accepts the -d option to enable debugging.
+
+** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented
+the allocation of a verifier. Reported by Andrew Wiseman.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+* Version 2.12.1 (released 2011-04-02)
+
+** certtool: Generated certificate request with stricter permissions.
+Reported by Luca Capello.
+
+** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov.
+
+** libgnutls: Corrected windows system_errno() function prototype.
+
+** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand.
+
+** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the
+GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
+
+** API and ABI modifications:
+No changes since last version.
+
+
+
+
+* Version 2.12.0 (released 2011-03-24)
+
+** certtool: Warns on generation of DSA keys of over 1024 bits, about
+the incompatibility with TLS other than 1.2.
+
+** libgnutls: Modified signature algorithm selection in client
+certificate request, to avoid failures in DSA certificates.
+
+** libgnutls: Instead of failing with internal error, return
+GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA
+key with the negotiated protocol is encountered.
+
+** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys.
+
+** libgnutls: Force state update when fork is detected in the nettle
+rng.
+
+** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred
+subkey instead of setting explicitly one.
+
+** libgnutls: Corrected default behavior in record version of Client Hellos.
+
+** libgnutls-openssl: modified to use modern gnutls' functions.
+This introduces an ABI incompatibility with previous versions.
+
+** API and ABI modifications:
+gnutls_pubkey_import_openpgp: MODIFIED
+
+
+* Version 2.11.7
+
+** libgnutls: The deprecated gnutls_x509_privkey_sign_hash() was
+replaced by gnutls_privkey_sign_hash2().
+
+** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash,
+gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data,
+gnutls_x509_crt_verify_hash return the negative error code
+GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error
+checking.
+
+** libgnutls: Added helper functions for signature verification:
+gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey().
+
+** libgnutls: Modified gnutls_privkey_sign_data().
+
+** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2()
+gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(),
+gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were
+deprecated for gnutls_x509_crl_privkey_sign(),
+gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(),
+gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash()
+gnutls_pubkey_verify_data() respectively.
+
+** libgnutls: gnutls_*_export_raw() functions now add leading zero in
+integers.
+
+** libgnutls: Added convenience functions gnutls_x509_crl_list_import2()
+and gnutls_x509_crt_list_import2().
+
+** crypto.h: Fix use with C++.
+Reported by "Brendan Doherty" <brendand@gentrack.com>.
+
+** API and ABI modifications:
+gnutls_x509_crl_list_import: ADDED
+gnutls_x509_crl_list_import2: ADDED
+gnutls_x509_crt_list_import2: ADDED
+gnutls_x509_crl_get_raw_issuer_dn: ADDED
+gnutls_pubkey_import_privkey: ADDED
+gnutls_pubkey_verify_data: ADDED
+gnutls_privkey_sign_hash: MODIFIED (was added in 2.11.0)
+gnutls_privkey_sign_data: MODIFIED (was added in 2.11.0)
+gnutls_x509_crq_sign2: DEPRECATED (use: gnutls_x509_crq_privkey_sign)
+gnutls_x509_crq_sign: DEPRECATED (use: gnutls_x509_crq_privkey_sign)
+gnutls_x509_crq_get_preferred_hash_algorithm: REMOVED (was added in 2.11.0)
+gnutls_x509_crl_sign: DEPRECATED (use: gnutls_x509_crl_privkey_sign)
+gnutls_x509_crl_sign2: DEPRECATED (use: gnutls_x509_crl_privkey_sign)
+gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data2)
+gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2)
+gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
+gnutls_session_set_finished_function: DEPRECATED
+gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash)
+gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
+gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: gnutls_pubkey_get_verify_algorithm)
+gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: gnutls_pubkey_get_preferred_hash_algorithm)
+gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2)
+gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0)
+gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0)
+gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0)
+
+* Version 2.11.6 (released 2010-12-06)
+
+** libgnutls: Record version of Client Hellos is now set by default to
+SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION
+priority string.
+
+** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
+This makes us comply with RFC3279. Reported by Michael Rommel.
+
+** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.11.5 (released 2010-12-01)
+
+** libgnutls: Reverted default behavior for verification and
+introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
+V1 trusted CAs are allowed, unless the new flag is specified.
+
+** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
+Reported by Jeffrey Walton.
+
+** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL
+as priority strings. Those allow to set all the supported algorithms
+at once.
+
+** p11tool: Introduced. It allows manipulating pkcs 11 tokens.
+
+** gnutls-cli: Print channel binding only in verbose mode.
+Before it printed it after the 'Compression:' output, thus breaking
+Emacs starttls.el string searches.
+
+** API and ABI modifications:
+gnutls_pkcs11_token_init: New function
+gnutls_pkcs11_token_set_pin: New function
+
+* Version 2.11.4 (released 2010-10-15)
+
+** libgnutls: Add new API gnutls_session_channel_binding.
+The function is used to get the channel binding data. Currently only
+the "tls-unique" (RFC 5929) channel binding type is supported, through
+the GNUTLS_CB_TLS_UNIQUE type. See new section "Channel Bindings" in
+the manual.
+
+** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings.
+
+** doc: Added pkcs11.h header file to GTK-DOC manual.
+
+** build: Update gnulib files.
+
+** i18n: Update translations.
+
+** tests: Add self tests gendh.c. Speed up Guile self checks.
+
+** API and ABI modifications:
+gnutls_session_channel_binding: New function.
+gnutls_channel_binding_t: New enumeration.
+GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member.
+GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code.
+
+* Version 2.11.3 (released 2010-10-14)
+
+** Indent code to follow the GNU Coding Standard.
+You should be able to unpack the 2.11.2 release and run 'make indent'
+twice to get exactly the same content as 2.11.3 except for generated
+files. Using GNU Indent 2.2.11.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.11.2 (released 2010-10-08)
+
+** libgnutls: Several bug fixes on session resumption
+and session tickets support.
+
+** libgnutls: Add new extended key usage ipsecIKE.
+
+** certtool: Renamed PKCS #11 options to: --p11-provider,
+--p11-export-url, --p11-list-certs, --p11-list-certs,
+--p11-list-privkeys, --p11-list-trusted, --p11-list-all-certs,
+--p11-list-all, --p11-list-tokens, --p11-login, --p11-write,
+--p11-write-label, --p11-write-trusted, --p11-detailed-url,
+--p11-delete-url
+
+** libgnutls: Corrected bug that caused importing DSA keys as RSA,
+introduced with the new nettle code.
+
+** libgnutls: Corrected advertizing issue for session tickets.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_subject_unique_id: ADDED.
+gnutls_x509_crt_get_issuer_unique_id: ADDED.
+
+* Version 2.11.1 (released 2010-09-14)
+
+** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt
+to use the libgcrypt back end.
+
+** libgnutls: Depend on nettle 2.1. This makes nettle a fully working
+backend crypto library.
+
+** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites.
+
+** libgnutls: Several updates in the buffering internal interface.
+
+** libgnutls: Is now more liberal in the PEM decoding. That is spaces and
+tabs are being skipped.
+
+** libgnutls: Added support for draft-pechanec-pkcs11uri-02.
+
+** libgnutls: The %COMPAT flag now allows larger records that violate the
+TLS spec.
+
+** libgnutls: by default lowat level has been set to zero to avoid unnecessary
+system calls. Applications that depended on it being 1 should explicitly call
+gnutls_transport_set_lowat().
+
+** libgnutls: Updated documentation and gnutls_pk_params_t mappings
+to ECRYPT II recommendations. Mappings were moved to a single location
+and DSA keys are handled differently (since DSA2 allows for 1024,2048
+and 3072 keys only).
+
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
+** libgnutls: HMAC-MD5 no longer used by default.
+
+** API and ABI modifications:
+gnutls_openpgp_privkey_sec_param: ADDED
+gnutls_x509_privkey_sec_param: ADDED
+
+* Version 2.11.0 (released 2010-07-22)
+
+** libgnutls: support scattered write using writev(). This takes
+advantage of the new buffering layer and allows queuing of packets
+and flushing them. This is currently used for handshake messages
+only.
+
+** libgnutls: Added gnutls_global_set_mutex() to allow setting
+alternative locking procedures. By default the system available
+locking is used. In *NIX pthreads are used and in windows the
+critical section API. This follows a different approach than the
+previous versions that depended on libgcrypt initialization. The
+locks are now set by default in systems that support it. Programs
+that used gcry_control() to set thread locks should insert it into
+a block of
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
+ gcry_control(...)
+#endif
+
+** libgnutls: Added support for reading DN from EV-certificates.
+New DN values:
+jurisdictionOfIncorporationLocalityName,
+jurisdictionOfIncorporationStateOrProvinceName,
+jurisdictionOfIncorporationCountryName
+
+** libgnutls: Added support for DSA signing/verifying with bit
+length over 1024.
+
+** libgnutls-extra: When in FIPS mode gnutls_global_init_extra()
+has to be called to register any required md5 handlers.
+
+** libgnutls: Internal buffering code was replaced by simpler
+code contributed by Jonathan Bastien-Filiatrault.
+
+** libgnutls: Internal API for extensions augmented to allow
+safe storing and loading of data on resumption. This allows writing
+self-contained extensions (when possible). As a side effect
+the OPRFI extension was removed.
+
+** libgnutls: Added support for DSA-SHA256 and DSA-SHA224
+
+** libgnutls: Added PKCS #11 support and an API to access objects in
+gnutls/pkcs11.h. Currently certificates and public keys can be
+imported from tokens, and operations can be performed on private keys.
+
+** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t
+
+** libgnutls: Added initial support for the nettle library. It uses
+the system's random generator for seeding. That is /dev/urandom in Linux,
+system calls in Win32 and EGD on other systems.
+
+** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the
+similar gnutls_certificate_set_server_retrieve_function() and
+gnutls_certificate_set_client_retrieve_function(). In addition it support
+PKCS #11 private keys.
+
+** libgnutls: Added gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(),
+and gnutls_pkcs11_delete_url() to allow copying and deleting data in tokens.
+
+** libgnutls: Added gnutls_sec_param_to_pk_bits() et al. to allow select bit
+sizes for private keys using a human understandable scale.
+
+** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all
+--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs,
+--pkcs11-delete-url, --pkcs11-write
+
+certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior can
+be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
+certtool: Added --certificate-pubkey to print the public key of the
+certificate.
+
+** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile
+can now accept a PKCS #11 URL in addition to a file. This will allow for
+example to use the Gnome-keyring trusted certificate list to verify
+connections using a url such as:
+pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring
+
+** API and ABI modifications:
+gnutls_certificate_set_server_retrieve_function: DEPRECATED
+gnutls_certificate_set_client_retrieve_function: DEPRECATED
+gnutls_sign_callback_set: DEPRECATED
+gnutls_global_set_mutex: ADDED
+gnutls_pubkey_get_preferred_hash_algorithm: ADDED
+gnutls_x509_crt_get_preferred_hash_algorithm: ADDED
+gnutls_x509_privkey_export_rsa_raw2: ADDED
+gnutls_rnd: ADDED
+gnutls_sec_param_to_pk_bits: ADDED
+gnutls_pk_bits_to_sec_param: ADDED
+gnutls_sec_param_get_name: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_certificate_set_retrieve_function: ADDED
+gnutls_pkcs11_init: ADDED
+gnutls_pkcs11_deinit: ADDED
+gnutls_pkcs11_set_pin_function: ADDED
+gnutls_pkcs11_set_token_function: ADDED
+gnutls_pkcs11_add_provider: ADDED
+gnutls_pkcs11_obj_init: ADDED
+gnutls_pkcs11_obj_import_url: ADDED
+gnutls_pkcs11_obj_export_url: ADDED
+gnutls_pkcs11_obj_deinit: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_pkcs11_obj_list_import_url: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_x509_crt_import_pkcs11: ADDED
+gnutls_pkcs11_obj_get_type: ADDED
+gnutls_x509_crt_list_import_pkcs11: ADDED
+gnutls_x509_crt_import_pkcs11_url: ADDED
+gnutls_pkcs11_obj_get_info: ADDED
+gnutls_pkcs11_token_get_info: ADDED
+gnutls_pkcs11_token_get_url: ADDED
+gnutls_pkcs11_privkey_init: ADDED
+gnutls_pkcs11_privkey_deinit: ADDED
+gnutls_pkcs11_privkey_get_pk_algorithm: ADDED
+gnutls_pkcs11_privkey_get_info: ADDED
+gnutls_pkcs11_privkey_import_url: ADDED
+gnutls_pkcs11_privkey_sign_data: ADDED
+gnutls_pkcs11_privkey_sign_hash: ADDED
+gnutls_pkcs11_privkey_decrypt_data: ADDED
+gnutls_privkey_init: ADDED
+gnutls_privkey_deinit: ADDED
+gnutls_privkey_get_pk_algorithm: ADDED
+gnutls_privkey_get_type: ADDED
+gnutls_privkey_import_pkcs11: ADDED
+gnutls_privkey_import_x509: ADDED
+gnutls_privkey_import_openpgp: ADDED
+gnutls_privkey_sign_data: ADDED
+gnutls_privkey_sign_hash: ADDED
+gnutls_privkey_decrypt_data: ADDED
+gnutls_pkcs11_privkey_export_url: ADDED
+gnutls_x509_crq_privkey_sign: ADDED
+gnutls_x509_crl_privkey_sign: ADDED
+gnutls_x509_crt_privkey_sign: ADDED
+gnutls_pubkey_init: ADDED
+gnutls_pubkey_deinit: ADDED
+gnutls_pubkey_get_pk_algorithm: ADDED
+gnutls_pubkey_import_x509: ADDED
+gnutls_pubkey_import_openpgp: ADDED
+gnutls_pubkey_get_pk_rsa_raw: ADDED
+gnutls_pubkey_get_pk_dsa_raw: ADDED
+gnutls_pubkey_export: ADDED
+gnutls_pubkey_get_key_id: ADDED
+gnutls_pubkey_get_key_usage: ADDED
+gnutls_pubkey_verify_hash: ADDED
+gnutls_pubkey_get_verify_algorithm: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_pubkey_import_pkcs11_url: ADDED
+gnutls_pubkey_import: ADDED
+gnutls_pubkey_import_pkcs11: ADDED
+gnutls_pubkey_import_dsa_raw: ADDED
+gnutls_pubkey_import_rsa_raw: ADDED
+gnutls_x509_crt_set_pubkey: ADDED
+gnutls_x509_crq_set_pubkey: ADDED
+gnutls_pkcs11_copy_x509_crt: ADDED
+gnutls_pkcs11_copy_x509_privkey: ADDED
+gnutls_pkcs11_delete_url: ADDED
+
+* Version 2.10.1 (released 2010-07-25)
+
+** libgnutls: Added support for broken certificates that indicate RSA
+with strange OIDs.
+
+** gnutls-cli: Allow verification using V1 CAs.
+
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
+** libgnutls: Correctly deinitialize crypto API functions to prevent
+a memory leak. Reported by Mads Kiilerich.
+
+** certtool: If asked to generate DSA keys of size more than 1024 bits,
+issue a warning, that the output key might not be working everywhere.
+
+** certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior
+can be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.10.0 (released 2010-06-25)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.12 (released 2010-06-17)
+
+** gnutls-cli: Make --starttls work again.
+Problem introduced in patch to use read() instead of fgets() committed
+on 2010-01-27.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.11 (released 2010-06-07)
+
+** libgnutls: Removed two APIs related to safe renegotiation.
+Use priority strings instead. The APIs were
+gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
+(Remember that we don't promise ABI stability during development
+series, so this doesn't cause an shared library ABI increment.)
+
+** tests: More self testing of safe renegotiation extension.
+See tests/safe-renegotiation/README for more information.
+
+** doc: a PDF version of the API reference manual (GTK-DOC) is now built.
+
+** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency.
+
+** API and ABI modifications:
+gnutls_safe_negotiation_set_initial: REMOVED.
+gnutls_safe_renegotiation_set: REMOVED.
+
+* Version 2.9.10 (released 2010-04-22)
+
+** libgnutls: Time verification extended to trusted certificate list.
+Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is
+specified.
+
+** certtool: Display postalCode and Name X.509 DN attributes correctly.
+Based on patch by Pavan Konjarla. Adds new constant
+GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME.
+
+** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746)
+Solves the issue discussed in:
+<http://www.ietf.org/mail-archive/web/tls/current/msg03928.html> and
+<http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>.
+Note that to allow connecting to unpatched servers the full protection
+is only enabled if the priority string %SAFE_RENEGOTIATION is
+specified. You can check whether protection is in place by querying
+gnutls_safe_renegotiation_status(). New error codes
+GNUTLS_E_SAFE_RENEGOTIATION_FAILED and
+GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added.
+
+** libgnutls: When checking openpgp self signature also check the signatures
+** of all subkeys.
+Ilari Liusvaara noticed and reported the issue and provided test
+vectors as well.
+
+** libgnutls: Added cryptodev support (/dev/crypto).
+Tested with http://www.logix.cz/michal/devel/cryptodev/. Added
+benchmark utility for AES. Adds new error codes
+GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR.
+
+** libgnutls: Exported API to access encryption and hash algorithms.
+The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit,
+gnutls_cipher_encrypt, gnutls_cipher_get_block_size,
+gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast,
+gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output,
+gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast,
+gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API
+constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224.
+
+** libgnutls: Added gnutls_certificate_set_verify_function() to allow
+verification of certificate upon receipt rather than waiting until the
+end of the handshake.
+
+** libgnutls: Don't send alerts during handshake.
+Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added.
+
+** certtool: Corrected two issues that affected certificate request generation.
+(1) Null padding is added on integers (found thanks to Wilankar Trupti),
+(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA
+parameters were added. Those were rejected by Verisign. Gnutls no longer adds
+those parameters there since other implementations don't do either and having
+them does not seem to offer anything (anyway you need the signer's certificate
+to verify thus public key will be available). Found thanks to Boyan Kasarov.
+This however has the side-effect that public key IDs shown by certtool are
+now different than previous gnutls releases.
+(3) the option --pgp-certificate-info will verify self signatures
+
+** certtool: Allow exporting of Certificate requests on DER format.
+
+** certtool: New option --no-crq-extensions to avoid extensions in CSRs.
+
+** gnutls-cli: Handle reading binary data from server.
+Reported by and tiny patch from Vitaly Mayatskikh
+<v.mayatskih@gmail.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
+
+** minitasn1: Upgraded to libtasn1 version 2.6.
+
+** i18n: Updated Czech, Dutch, French, Polish, Swedish translation.
+** Added Italian and Simplified Chinese translation.
+Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz,
+Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu.
+
+** doc: The GTK-DOC manual is significantly improved.
+
+** API and ABI modifications:
+%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use).
+%INITIAL_SAFE_RENEGOTIATION: Added to priority strings.
+%UNSAFE_RENEGOTIATION: Added to priority strings.
+GNUTLS_DIG_SHA224: ADDED.
+GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED.
+GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED.
+GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED.
+GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED.
+GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED.
+GNUTLS_MAC_SHA224: ADDED.
+GNUTLS_OID_X520_NAME: ADDED.
+GNUTLS_OID_X520_POSTALCODE: ADDED.
+GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED.
+GNUTLS_VERSION_MAX: ADDED.
+gnutls_certificate_set_verify_function: ADDED.
+gnutls_cipher_decrypt: ADDED.
+gnutls_cipher_deinit: ADDED.
+gnutls_cipher_encrypt: ADDED.
+gnutls_cipher_get_block_size: ADDED.
+gnutls_cipher_init: ADDED.
+gnutls_hash: ADDED.
+gnutls_hash_deinit: ADDED.
+gnutls_hash_fast: ADDED.
+gnutls_hash_get_len: ADDED.
+gnutls_hash_init: ADDED.
+gnutls_hash_output: ADDED.
+gnutls_hmac: ADDED.
+gnutls_hmac_deinit: ADDED.
+gnutls_hmac_fast: ADDED.
+gnutls_hmac_get_len: ADDED.
+gnutls_hmac_init: ADDED.
+gnutls_hmac_output: ADDED.
+gnutls_safe_negotiation_set_initial: ADDED.
+gnutls_safe_renegotiation_set: ADDED.
+gnutls_safe_renegotiation_status: ADDED.
+
+* Version 2.9.9 (released 2009-11-09)
+
+** libgnutls: Cleanups and several bug fixes.
+Found by Steve Grubb and Tomas Mraz.
+
+** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
+
+** Fix --disable-valgrind-tests.
+Reported by Ingmar Vanhassel in
+<https://savannah.gnu.org/support/?107029>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.8 (released 2009-11-05)
+
+** libgnutls: Fix for memory leaks on interrupted handshake.
+Reported by Tang Tong.
+
+** libgnutls: Addition of support for TLS 1.2 signature algorithms
+** extension and certificate verify field.
+This requires changes for TLS 1.2 servers and clients that use
+callbacks for certificate retrieval. They are now required to check
+with gnutls_sign_algorithm_get_requested() whether the certificate
+they send complies with the peer's preferences in signature
+algorithms.
+
+** libgnutls: In server side when resuming a session do not overwrite the
+** initial session data with the resumed session data.
+
+** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8
+** encryption.
+This affects also PKCS #12 encoded files. This adds the following new
+enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128,
+GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256.
+
+** libgnutls: Fix PKCS#12 encoding.
+The error you would get was "The OID is not supported.". Problem
+introduced for the v2.8.x branch in 2.7.6.
+
+** certtool: Added the --pkcs-cipher option.
+To explicitely specify the encryption algorithm to use.
+
+** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions.
+
+** tests: Fix time bomb in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
+
+** tests: Fix expired cert in chainverify self-test.
+
+** i18n: Vietnamese translation updated.
+Thanks to Clytie Siddall.
+
+** API and ABI modifications:
+GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h.
+GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h.
+GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h.
+GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h.
+GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h.
+GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h.
+gnutls_sign_algorithm_get_requested: ADDED.
+
+* Version 2.9.7 (released 2009-10-06)
+
+** libgnutls: TLS 1.2 server mode fixes.
+Now interoperates against Opera. Contributed by Daiki Ueno.
+
+** libgnutlsxx: Fix link problems.
+Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.
+
+** guile: Compatibility with guile 2.x.
+By Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.6 (released 2009-09-22)
+
+** libgnutls: Enable Camellia ciphers by default.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.5 (released 2009-09-10)
+
+** libgnutls: Add new functions to extract X.509 Issuer Alternative Names.
+The new functions are gnutls_x509_crt_get_issuer_alt_name2,
+gnutls_x509_crt_get_issuer_alt_name, and
+gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad
+Hards <bradh@frogmouth.net>.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_issuer_alt_name2: ADDED.
+gnutls_x509_crt_get_issuer_alt_name: ADDED.
+gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED.
+
+* Version 2.9.4 (released 2009-09-03)
+
+** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
+The new supported ciphersuites are AES-128/256 in CBC mode with
+ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further,
+SHA-256 is now the preferred default MAC (however it is only used with
+TLS 1.2).
+
+** libgnutls: Make OpenPGP hostname checking work again.
+The patch to resolve the X.509 CN/SAN issue accidentally broken
+OpenPGP hostname comparison.
+
+** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
+Reported by Howard Chu <hyc@symas.com> in
+<https://savannah.gnu.org/support/?106975>.
+
+** Fix use of deprecated types internally.
+Use of deprecated types in GnuTLS from now on will lead to a compile
+error, to prevent this from happening again.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.3 (released 2009-08-19)
+
+** libgnutls: Support for TLS tickets was contributed by Daiki Ueno.
+The new APIs are gnutls_session_ticket_enable_client,
+gnutls_session_ticket_enable_server, and
+gnutls_session_ticket_key_generate.
+
+** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets.
+
+** API and ABI modifications:
+gnutls_session_ticket_key_generate: ADDED.
+gnutls_session_ticket_enable_client: ADDED.
+gnutls_session_ticket_enable_server: ADDED.
+
+* Version 2.9.2 (released 2009-08-14)
+
+** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
+By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
+into 1) not printing the entire CN/SAN field value when printing a
+certificate and 2) cause incorrect positive matches when matching a
+hostname against a certificate. Some CAs apparently have poor
+checking of CN/SAN values and issue these (arguable invalid)
+certificates. Combined, this can be used by attackers to become a
+MITM on server-authenticated TLS sessions. The problem is mitigated
+since attackers needs to get one certificate per site they want to
+attack, and the attacker reveals his tracks by applying for a
+certificate at the CA. It does not apply to client authenticated TLS
+sessions. Research presented independently by Dan Kaminsky and Moxie
+Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
+for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730].
+
+** libgnutls: Fix rare failure in gnutls_x509_crt_import.
+The function may fail incorrectly when an earlier certificate was
+imported to the same gnutls_x509_crt_t structure.
+
+** minitasn1: Internal copy updated to libtasn1 v2.3.
+
+** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
+Before it always returned false. Reported by Peter Hendrickson
+<pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
+
+** libgnutls: Fix off-by-one size computation error in unknown DN printing.
+The error resulted in truncated strings when printing unknown OIDs in
+X.509 certificate DNs. Reported by Tim Kosse
+<tim.kosse@filezilla-project.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
+
+** libgnutls: Fix PKCS#12 decryption from password.
+The encryption key derived from the password was incorrect for (on
+average) 1 in every 128 input for random inputs. Reported by "Kukosa,
+Tomas" <tomas.kukosa@siemens-enterprise.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
+
+** libgnutls: Return correct bit lengths of some MPIs.
+gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
+gnutls_dh_get_peers_public_bits. Before the reported value was
+overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
+
+** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
+Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
+and
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
+
+** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
+Before we required that the runtime library used the same (or more
+recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
+that the runtime usage is above the minimum required. Reported by
+Marco d'Itri <md@linux.it> via Andreas Metzler
+<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
+
+** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error.
+
+** tests: Improved test vectors in self-test pkcs12_s2k.
+
+** tests: Added new self-test dn2 to detect off-by-one size error.
+
+** tests: Fix failure in "chainverify" because a certificate have expired.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.1 (released 2009-06-08)
+
+** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
+Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
+<http://bugs.gentoo.org/272388>.
+
+** tests: Added new self-tests init_roundtrip.c to detect previous problem.
+
+** Reduce stack usage for some CRQ functions.
+
+** Doc fixes for CRQ functions.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.0 (released 2009-05-28)
+
+** Doc fixes.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.6 (released 2010-03-15)
+
+** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
+VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti
+<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.
+
+Note: As a side effect of this change, the "public key identifier"
+value computed for a certificate using this version of GnuTLS will be
+different from values computed using earlier versions of GnuTLS.
+
+** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the
+** optional SignatureAlgorithm parameter field.
+VeriSign rejected these CSRs. They are stricly speaking not needed
+since you need the signer's certificate to verify the certificate
+signature anyway. Reported by Wilankar Trupti
+<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.
+
+** libgnutls: When checking openpgp self signature also check the signatures
+** of all subkeys.
+Ilari Liusvaara noticed and reported the issue and provided test
+vectors as well.
+
+** libgnutls: Cleanups and several bug fixes.
+Found by Steve Grubb and Tomas Mraz.
+
+** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
+
+** Fix --disable-valgrind-tests.
+Reported by Ingmar Vanhassel in
+<https://savannah.gnu.org/support/?107029>.
+
+** examples: Use the new APIs for printing X.509 certificate information.
+
+** Fix build failures on Solaris.
+Thanks to Dagobert Michelsen <dam@opencsw.org>.
+
+** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese
+** translations. Added Simplified Chinese translation.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.5 (released 2009-11-02)
+
+** libgnutls: In server side when resuming a session do not overwrite the
+** initial session data with the resumed session data.
+
+** libgnutls: Fix PKCS#12 encoding.
+The error you would get was "The OID is not supported.". Problem
+introduced for the v2.8.x branch in 2.7.6.
+
+** guile: Compatibility with guile 2.x.
+By Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** tests: Fix expired cert in chainverify self-test.
+
+** tests: Fix time bomb in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.4 (released 2009-09-18)
+
+** libgnutls: Enable Camellia ciphers by default.
+
+** libgnutls: Make OpenPGP hostname checking work again.
+The patch to resolve the X.509 CN/SAN issue accidentally broken
+OpenPGP hostname comparison.
+
+** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
+Reported by Howard Chu <hyc@symas.com> in
+<https://savannah.gnu.org/support/?106975>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.3 (released 2009-08-13)
+
+** libgnutls: Fix patch for NUL in CN/SAN in last release.
+Code intended to be removed would lead to an read-out-bound error in
+some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE
+code have been allocated for the vulnerability: [CVE-2009-2730].
+
+** libgnutls: Fix rare failure in gnutls_x509_crt_import.
+The function may fail incorrectly when an earlier certificate was
+imported to the same gnutls_x509_crt_t structure.
+
+** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error.
+
+** tests: Made self-test mini-eagain take less time.
+
+** doc: Typo fixes.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.2 (released 2009-08-10)
+
+** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
+By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
+into 1) not printing the entire CN/SAN field value when printing a
+certificate and 2) cause incorrect positive matches when matching a
+hostname against a certificate. Some CAs apparently have poor
+checking of CN/SAN values and issue these (arguable invalid)
+certificates. Combined, this can be used by attackers to become a
+MITM on server-authenticated TLS sessions. The problem is mitigated
+since attackers needs to get one certificate per site they want to
+attack, and the attacker reveals his tracks by applying for a
+certificate at the CA. It does not apply to client authenticated TLS
+sessions. Research presented independently by Dan Kaminsky and Moxie
+Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
+for providing one part of the patch. [GNUTLS-SA-2009-4].
+
+** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
+Before it always returned false. Reported by Peter Hendrickson
+<pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
+
+** libgnutls: Fix off-by-one size computation error in unknown DN printing.
+The error resulted in truncated strings when printing unknown OIDs in
+X.509 certificate DNs. Reported by Tim Kosse
+<tim.kosse@filezilla-project.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
+
+** libgnutls: Return correct bit lengths of some MPIs.
+gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
+gnutls_dh_get_peers_public_bits. Before the reported value was
+overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
+
+** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
+Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
+and
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
+
+** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
+Before we required that the runtime library used the same (or more
+recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
+that the runtime usage is above the minimum required. Reported by
+Marco d'Itri <md@linux.it> via Andreas Metzler
+<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
+
+** minitasn1: Internal copy updated to libtasn1 v2.3.
+
+** tests: Fix failure in "chainverify" because a certificate have expired.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.1 (released 2009-06-10)
+
+** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
+Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
+<http://bugs.gentoo.org/272388>.
+
+** libgnutls: Fix PKCS#12 decryption from password.
+The encryption key derived from the password was incorrect for (on
+average) 1 in every 128 input for random inputs. Reported by "Kukosa,
+Tomas" <tomas.kukosa@siemens-enterprise.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.0 (released 2009-05-27)
+
+** doc: Fix gnutls_dh_get_prime_bits. Fix error codes and algorithm lists.
+
+** Major changes compared to the v2.4 branch:
+
+*** lib: Linker version scripts reduces number of exported symbols.
+
+*** lib: Limit exported symbols on systems without LD linker scripts.
+
+*** libgnutls: Fix namespace issue with version symbols.
+
+*** libgnutls: Add functions to verify a hash against a certificate.
+gnutls_x509_crt_verify_hash: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+
+*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.
+
+*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.
+
+*** certtool: Query for multiple dnsName subjectAltName in interactive mode.
+
+*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
+
+*** gnutls-serv: No longer disable MAC padding by default.
+
+*** gnutls-cli: Certificate information output format changed.
+
+*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
+*** and %VERIFY_ALLOW_X509_V1_CA_CRT.
+
+*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
+
+*** libgnutls: gnutls_openpgp_crt_print supports oneline mode.
+
+*** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+
+*** libgnutls: New interface to get key id for certificate requests.
+gnutls_x509_crq_get_key_id: ADDED.
+
+*** libgnutls: gnutls_x509_crq_print will now also print public key id.
+
+*** certtool: --verify-chain now prints results of using library verification.
+
+*** libgnutls: Libgcrypt initialization changed.
+
+*** libgnutls: Small byte reads via gnutls_record_recv() optimized.
+
+*** gnutls-cli: Return non-zero exit code on error conditions.
+
+*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+*** certtool: allow setting arbitrary key purpose object identifiers.
+
+*** libgnutls: Change detection of when to use a linker version script.
+Use --enable-ld-version-script or --disable-ld-version-script to
+override auto-detection logic.
+
+*** Fix warnings and build GnuTLS with more warnings enabled.
+
+*** New API to set X.509 credentials from PKCS#12 memory structure.
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+
+*** Old libgnutls.m4 and libgnutls-config scripts removed.
+Please use pkg-config instead.
+
+*** libgnutls: Added functions to handle CRL extensions.
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+
+*** libgnutls: Added functions to handle X.509 extensions in Certificate
+Requests.
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+
+*** certtool: Print and set CRL and CRQ extensions.
+
+*** minitasn1: Internal copy updated to libtasn1 v2.1.
+
+*** examples: Now released into the public domain.
+
+*** The Texinfo and GTK-DOC manuals were improved.
+
+*** Several self-tests were added and others improved.
+
+*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x
+No offically supported interfaces have been modified or removed. The
+library should be completely backwards compatible on both the source
+and binary level.
+
+The shared library no longer exports some symbols that have never been
+officially supported, i.e., not mentioned in any of the header files.
+The symbols are:
+
+ _gnutls*
+ gnutls_asn1_tab
+
+Normally when symbols are removed, the shared library version has to
+be incremented. This leads to a significant cost for everyone using
+the library. Because none of the above symbols have ever been
+intended for use by well-behaved applications, we decided that the it
+would be better for those applications to pay the price rather than
+incurring problems on the majority of applications.
+
+If it turns out that applications have been using unofficial
+interfaces, we will need to release a follow-on release on the v2.8
+branch to exports additional interfaces. However, initial testing
+suggests that few if any applications have been using any of the
+internal symbols.
+
+Although not a new change compared to 2.6.x, we'd like to remind you
+interfaces have been modified so that X.509 chain verification now
+also checks activation/expiration times on certificates. The affected
+functions are:
+
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+This change in behaviour was made during the GnuTLS 2.6.x cycle, and
+we gave our rationale for it in earlier release notes.
+
+The following symbols have been added to the library:
+
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_key_id: ADDED.
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+gnutls_x509_crt_verify_hash: ADDED
+
+The following interfaces have been added to the header files:
+
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
+GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
+GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
+GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
+GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
+GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.
+
+The following interfaces have been deprecated:
+
+LIBGNUTLS_VERSION: DEPRECATED.
+LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
+LIBGNUTLS_VERSION_MINOR: DEPRECATED.
+LIBGNUTLS_VERSION_PATCH: DEPRECATED.
+LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
+LIBGNUTLS_EXTRA_VERSION: DEPRECATED.
+
+* Version 2.7.14 (released 2009-05-26)
+
+** libgnutls: Fix namespace issue with version symbol for libgnutls-extra.
+The symbol LIBGNUTLS_EXTRA_VERSION were renamed to
+GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is
+deprecated.
+
+** Doc: Several typo fixes in documentation.
+Reported by Peter Hendrickson <pdh@wiredyne.com>.
+
+** API and ABI modifications:
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.
+LIBGNUTLS_EXTRA_VERSION: DEPRECATED.
+
+* Version 2.7.13 (released 2009-05-25)
+
+** libgnutls: Fix version of some exported symbols in the shared library.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>.
+
+** tests: Handle recently expired certificates in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.12 (released 2009-05-20)
+
+** gnutls-serv, gnutls-cli-debug: Make them work on Windows.
+
+** tests/crq_key_id: Don't read entropy from /dev/random in self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>.
+
+** Fix build failures.
+Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom
+G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3571>.
+
+** minitasn1: Internal copy updated to libtasn1 v2.2.
+GnuTLS should work fine with libtasn1 v1.x and that is still
+supported.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.11 (released 2009-05-18)
+
+** minitasn1: Fix build failure when using internal libtasn1.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>.
+
+** libgnutls: Fix build failure with --disable-cxx.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3557>.
+
+** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560>
+
+** Building with many warning flags now requires --enable-gcc-warnings.
+This avoids crying wolf for normal compiles.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.10 (released 2009-05-13)
+
+** examples: Now released into the public domain.
+This makes the license of the example code compatible with more
+licenses, including the (L)GPL.
+
+** minitasn1: Internal copy updated to libtasn1 v2.1.
+GnuTLS should work fine with libtasn1 v1.x and that is still
+supported.
+
+** libgnutls: Fix crash in signature verification
+The fix for the CVE-2009-1415 problem wasn't merged completely.
+
+** doc: Fixes for GTK-DOC output.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.9 (released 2009-05-11)
+
+** doc: Fix strings in man page of gnutls_priority_init.
+
+** doc: Fix tables of error codes and supported algorithms.
+
+** Fix build failure when cross-compiled using MinGW.
+
+** Fix build failure when LZO is enabled.
+Reported by Arfrever Frehtes Taifersar Arahesis
+<arfrever.fta@gmail.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3522>.
+
+** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>.
+
+** Fix warnings in self-tests.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.8 (released 2009-05-03)
+
+** libgnutls: Fix DSA key generation.
+Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416]
+
+** libgnutls: Check expiration/activation time on untrusted certificates.
+Merged from stable branch. Reported by Romain Francoise
+<romain@orebokech.com>. This changes the semantics of
+gnutls_x509_crt_list_verify, which in turn is used by
+gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2.
+We add two new gnutls_certificate_status_t codes for reporting the new
+error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED.
+We also add a new gnutls_certificate_verify_flags flag,
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
+behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417]
+
+** lib: Linker version scripts reduces number of exported symbols.
+The linker version script now lists all exported ABIs explicitly, to
+avoid accidentally exporting unintended functions. Compared to
+before, most symbols beginning with _gnutls* are no longer exported.
+These functions have never been intended for use by applications, and
+there were no prototypes for these function in the public header
+files. Thus we believe it is possible to do this without incrementing
+the library ABI version which normally has to be done when removing an
+interface.
+
+** lib: Limit exported symbols on systems without LD linker scripts.
+Before all symbols were exported. Now we limit the exported symbols
+to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls)
+_gnutls*. This is a superset of the actual supported ABI, but still
+an improvement compared to before. This is implemented using Libtool
+-export-symbols-regex. It is more portable than linker version
+scripts.
+
+** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols.
+This should have been done in the last release.
+
+** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.
+Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3476>.
+
+** doc: Improved sections for the info manual.
+We now follow the advice given by the texinfo manual on which
+directory categories to use. In particular, libgnutls moved from the
+'GNU Libraries' section to the 'Software libraries' and the command
+line tools moved from 'Network Applications' to 'System
+Administration'.
+
+** API and ABI modifications:
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+* Version 2.7.7 (released 2009-04-20)
+
+** libgnutls: Applied patch by Cedric Bail to add functions
+gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm().
+
+** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>.
+
+** minitasn1: Internal copy updated to libtasn1 v1.8.
+GnuTLS is also internally ready to be used with libtasn1 v2.0.
+
+** doc: Fix build failure of errcodes/printlist.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>.
+
+** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.
+It is currently only used by the core library. This will enable a new
+domain 'gnutls' for translations of the command line tools.
+
+** Corrected possible memory corruption on signature verification failure.
+Reported by Miroslav Kratochvil <exa.exa@gmail.com>
+
+** API and ABI modifications:
+gnutls_x509_crt_verify_hash: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+
+* Version 2.7.6 (released 2009-02-27)
+
+** certtool: Query for multiple dnsName subjectAltName in interactive mode.
+This applies both to generating certificates and certificate requests.
+
+** pkix.asn: Removed unneeded definitions to reduce memory usage.
+
+** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
+Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to
+be used for chain verification.
+
+** gnutls-serv: No longer disable MAC padding by default.
+Use --priority NORMAL:%COMPAT to disable MAC padding again.
+
+** gnutls-cli: Certificate information output format changed.
+The tool now uses libgnutls' functions to print certificate
+information. This avoids code duplication.
+
+** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
+** and %VERIFY_ALLOW_X509_V1_CA_CRT.
+They can be used to override the default certificate chain validation
+behaviour.
+
+** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
+specify the client hello message record version. Used to overcome buggy
+TLS servers. Report by Martin von Gagern.
+
+** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
+
+** libgnutls: gnutls_openpgp_crt_print supports oneline mode.
+
+** doc: Update gnutls-cli and gnutls-serv --help output descriptions.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.5 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.4 (released 2009-01-07)
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: New interface to get key id for certificate requests.
+Patch from David Marín Carreño <davefx@gmail.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.
+
+** libgnutls: gnutls_x509_crq_print will now also print public key id.
+
+** certtool: --verify-chain now prints results of using library verification.
+Earlier, certtool --verify-chain used its own validation algorithm
+which wasn't guaranteed to give the same result as the libgnutls
+internal validation algorithm. Now this command print a new final
+line with header 'Chain verification output:' that contains the result
+from using the internal verification algorithm on the same chain.
+
+** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id.
+
+** API and ABI modifications:
+gnutls_x509_crq_get_key_id: ADDED.
+
+* Version 2.7.3 (released 2008-12-10)
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Libgcrypt initialization changed.
+If libgcrypt has not already been initialized, GnuTLS will now
+initialize libgcrypt with disabled secure memory. Initialize
+libgcrypt explicitly in your application if you want to enable secure
+memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory
+allocation functions, which doesn't use secure memory, so there is no
+real change in behaviour.
+
+** libgnutls: Fix memory leak in PSK authentication.
+Reported by Michael Weiser <michael@weiser.dinsnail.net> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1465>.
+
+** libgnutls: Small byte reads via gnutls_record_recv() optimized.
+
+** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
+It needs to be invoked before libgcrypt is initialized.
+
+** gnutls-cli: Return non-zero exit code on error conditions.
+
+** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+** tests: Added chainverify self-test that tests X.509 chain verifications.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.2 (released 2008-11-18)
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <https://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix namespace issue with version symbols.
+The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR,
+LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and
+LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER,
+GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and
+GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to
+work but are deprecated.
+
+** certtool: allow setting arbitrary key purpose object identifiers.
+
+** libgnutls: Fix detection of C99 macros, to make debug logging work again.
+
+** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
+Reported by Kevin Quick <quick@sparq.org> in
+<https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls-extra: Make building with LZO compression work again.
+Build failure reported by Arfrever Frehtes Taifersar Arahesis
+<arfrever.fta@gmail.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3194>.
+
+** libgnutls: Change detection of when to use a linker version script.
+Use --enable-ld-version-script or --disable-ld-version-script to
+override auto-detection logic.
+
+** doc: Change license on the manual to GFDLv1.3+.
+
+** doc: GTK-DOC fixes for new splitted configuration system.
+
+** doc: Texinfo stylesheet uses white background.
+
+** tests: Add cve-2008-4989.c self-test.
+Tests regressions of the GNUTLS-SA-2008-3 security problem, and the
+follow-on problem with crashes on length 1 certificate chains.
+
+** gnulib: Deprecated modules removed.
+Modules include memchr and memcmp.
+
+** Fix warnings and build GnuTLS with more warnings enabled.
+
+** minitasn1: Internal copy updated to libtasn1 v1.7.
+
+** API and ABI modifications:
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
+GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
+GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
+GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
+GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
+LIBGNUTLS_VERSION: DEPRECATED.
+LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
+LIBGNUTLS_VERSION_MINOR: DEPRECATED.
+LIBGNUTLS_VERSION_PATCH: DEPRECATED.
+LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
+
+* Version 2.7.1 (released 2008-10-31)
+
+** certtool: print a PKCS #8 key even if it is not encrypted.
+
+** Old libgnutls.m4 and libgnutls-config scripts removed.
+Please use pkg-config instead.
+
+** Configuration system modified.
+There is now a configure script in lib/ and libextra/ as well, because
+gnulib works better with a config.h per gnulib directory.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.0 (released 2008-10-16)
+
+** libgnutls: Added functions to handle CRL extensions.
+
+** libgnutls: Added functions to handle X.509 extensions in Certificate
+Requests.
+
+** libgnutls: Improved error string for GNUTLS_E_AGAIN.
+Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>.
+
+** certtool: Print and set CRL and CRQ extensions.
+
+** libgnutls-extra: Protect internal symbols with static.
+Fixes problem when linking certtool statically. Tiny patch from Aaron
+Ucko <ucko@ncbi.nlm.nih.gov>.
+
+** libgnutls-openssl: fix out of bounds access.
+Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch
+from Thomas Viehmann <tv@beamnet.de>.
+
+** libgnutlsxx: Define server_session::get_srp_username even if no SRP.
+
+** tests: Make tests compile when using internal libtasn1.
+Patch by ludo@gnu.org (Ludovic Courtès).
+
+** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config.
+We now require a libgcrypt that has Camellia constants declared in
+gcrypt.h, which means v1.3.0 or later.
+
+** API and ABI modifications:
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+
+* Version 2.6.6 (released 2009-04-30)
+
+** libgnutls: Corrected double free on signature verification failure.
+Reported by Miroslav Kratochvil <exa.exa@gmail.com>. See the advisory
+for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
+
+** libgnutls: Fix DSA key generation.
+Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
+DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
+for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
+
+** libgnutls: Check expiration/activation time on untrusted certificates.
+Reported by Romain Francoise <romain@orebokech.com>. Before the
+library did not check activation/expiration times on certificates, and
+was documented as not doing so. We have realized that many
+applications that use libgnutls, including gnutls-cli, fail to perform
+proper checks. Implementing similar logic in all applications leads
+to code duplication. Hence, we decided to check whether the current
+time (as reported by the time function) is within the
+activation/expiration period of certificates when verifying untrusted
+certificates.
+
+This changes the semantics of gnutls_x509_crt_list_verify, which in
+turn is used by gnutls_certificate_verify_peers and
+gnutls_certificate_verify_peers2. We add two new
+gnutls_certificate_status_t codes for reporting the new error
+condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
+add a new gnutls_certificate_verify_flags flag,
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
+behaviour.
+
+More details about the vulnerabilities will be posted at
+<https://www.gnu.org/software/gnutls/security.html>.
+
+** gnutls-cli, gnutls-cli-debug: Fix AIX build problem.
+Reported by LAUPRETRE François (P) <francois.laupretre@ratp.fr> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3468>.
+
+** tests: Fix linking of tests/openpgp/keyring self-test.
+Reported by Daniel Black in <https://savannah.gnu.org/support/?106543>.
+
+** API and ABI modifications:
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+* Version 2.6.5 (released 2009-04-11)
+
+** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
+specify the client hello message record version. Used to overcome buggy
+TLS servers. Report by Martin von Gagern.
+
+** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
+Libtasn1 0.3.4 or later is required. This is to align with the
+upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.4 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: Fix compile error with Sun CC.
+Reported by Jeff Cai <jeff.cai@sun.com> in
+<https://savannah.gnu.org/support/?106549>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.3 (released 2008-12-12)
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Fix memory leak in PSK authentication.
+Reported by Michael Weiser <michael@weiser.dinsnail.net> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1465>.
+
+** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
+It needs to be invoked before libgcrypt is initialized.
+
+** gnutls-cli: Return non-zero exit code on error conditions.
+
+** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.2 (released 2008-11-12)
+
+** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
+The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
+problem for certificate chains that contained just one self-signed
+certificate. Reported by Michael Meskes <meskes@debian.org> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.1 (released 2008-11-10)
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <https://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
+Reported by Kevin Quick <quick@sparq.org> in
+<https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls-extra: Protect internal symbols with static.
+Fixes problem when linking certtool statically. Tiny patch from Aaron
+Ucko <ucko@ncbi.nlm.nih.gov>.
+
+** libgnutls-openssl: Fix patch against X509_get_issuer_name.
+It incorrectly returned the subject DN instead of issuer DN in v2.6.0.
+Thanks to Thomas Viehmann <tv@beamnet.de> for report.
+
+** certtool: Print a PKCS #8 key even if it is not encrypted.
+
+** tests: Make tests compile when using internal libtasn1.
+Patch by ludo@gnu.org (Ludovic Courtès).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.0 (released 2008-10-06)
+
+** libgnutls: Correct printing and parsing of IPv6 addresses.
+
+** libgnutls-openssl: fix out of bounds access.
+Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch
+from Thomas Viehmann <tv@beamnet.de>.
+
+** certtool: Use inet_pton for parsing IPv6 addresses.
+
+** Major changes compared to the v2.4 branch:
+
+*** Added API to replace and update the crypto backend.
+
+*** certtool: can add several subject alternative names via template file.
+
+*** opencdk: Parse (but not decrypt) encrypted secret keys.
+
+*** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can
+either set or append alternative names. It can also handle binary structures
+such as IP addresses.
+
+*** libgnutls: New function to set minimum acceptable SRP bits.
+The function is gnutls_srp_set_prime_bits.
+
+*** libgnutls: Add interface to deal with public key and signature algorithms.
+The functions are called gnutls_pk_list, gnutls_pk_get_id,
+gnutls_sign_list, and gnutls_sign_get_id.
+
+*** libgnutls: New interfaces to get name of public key and signing algorithms.
+The functions are gnutls_sign_get_name and gnutls_pk_get_name.
+
+*** libgnutls: New API to get a string corresponding to a error symbol.
+The function is gnutls_strerror_name.
+
+*** libgnutls: New API to set the public parameters in a certificate request
+*** from a private key.
+The function is gnutls_x509_crq_set_key_rsa_raw.
+
+*** libgnutls: New API to set a callback to extract TLS Finished data.
+The function to register is gnutls_session_set_finished_function and
+it takes a callback of the gnutls_finished_callback_func type.
+
+*** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE.
+
+*** libgnutls: New interface to register a new TLS extension handler.
+The new function gnutls_ext_register can be used to register handlers
+for specific TLS extension types. The callback functions have the new
+types gnutls_ext_recv_func and gnutls_ext_send_func. A type to
+classify TLS extensions, gnutls_ext_parse_type_t, has been added as
+well.
+
+*** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode.
+The function is gnutls_register_md5_handler. When libgcrypt is in
+FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in
+the PRF.
+
+*** API/ABI changes in GnuTLS 2.6
+No functions have been removed or modified. The library should be
+fully backwards compatible on both the source and binary level.
+
+A new header file <gnutls/crypto.h> have been added. It contains
+definitions related to replacing the internal crypto functionality.
+All definitions and the header itself is experimental but supported.
+
+We have realized that the symbols TLS_MASTER_SIZE and TLS_RANDOM_SIZE
+does not use the normal namespace. We have added GNUTLS_MASTER_SIZE
+and GNUTLS_RANDOM_SIZE, but the old symbols are still defined.
+
+The following functions have been added to libgnutls:
+
+GNUTLS_MASTER_SIZE
+GNUTLS_RANDOM_SIZE
+gnutls_crypto_bigint_register2
+gnutls_crypto_cipher_register2
+gnutls_crypto_digest_register2
+gnutls_crypto_mac_register2
+gnutls_crypto_pk_register2
+gnutls_crypto_rnd_register2
+gnutls_crypto_single_cipher_register2
+gnutls_crypto_single_digest_register2
+gnutls_crypto_single_mac_register2
+gnutls_ext_register
+gnutls_pk_get_id
+gnutls_pk_get_name
+gnutls_pk_list
+gnutls_session_set_finished_function
+gnutls_sign_get_id
+gnutls_sign_get_name
+gnutls_sign_list
+gnutls_srp_set_prime_bits:
+gnutls_strerror_name
+gnutls_x509_crq_set_key_rsa_raw
+gnutls_x509_crt_set_crl_dist_points2
+gnutls_x509_crt_set_subject_alt_name
+
+The following functions have been added to libgnutls-extra:
+
+gnutls_register_md5_handler
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.9 (released 2008-09-29)
+
+** libgnutls: Fix several memory leaks.
+Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import.
+Report and patch by Jonathan Manktelow.
+
+** libgnutls: crypto.h gnutls_pk_params_st changes allocation strategy.
+The parameters are now allocated in the structure itself.
+
+** doc: Texinfo HTML manual uses a stylesheet to improve readability.
+
+** tests: Scripts now use EXEEXT properly.
+Modern libtool doesn't create wrapper script, so the self tests need
+to invoke certtool.exe under MinGW32+Wine.
+
+** Uses autoconf 2.63, automake 1.10.1, libtool 2.2.6a.
+Automake warnings are now also enabled.
+
+** API and ABI modifications:
+gnutls_pk_params_st: MODIFIED
+
+* Version 2.5.8 (released 2008-09-21)
+
+** certtool: updated so it can add several subject alternative names using
+the template file.
+
+** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can
+either set or append alternative names. It can also handle binary structures
+such as IP addresses.
+
+** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers.
+
+** libgnutls: New function to set minimum acceptable SRP bits.
+The function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick
+<quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc.
+Also fix overflows in calls to those functions. Reported by Werner
+Koch <wk@gnupg.org>.
+
+** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode.
+The function is gnutls_register_md5_handler. When libgcrypt is in
+FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in
+the PRF.
+
+** Opencdk: Add calls to gnutls_assert to ease debugging.
+
+** Indent code.
+
+** API and ABI modifications:
+gnutls_srp_set_prime_bits: ADDED
+gnutls_register_md5_handler: ADDED
+gnutls_x509_crt_set_crl_dist_points2: ADDED
+gnutls_x509_crt_set_subject_alt_name: ADDED
+
+* Version 2.5.7 (released 2008-09-16)
+
+** libgnutls: New interfaces to get name of public key and signing algorithms.
+The functions are gnutls_sign_get_name and gnutls_pk_get_name.
+
+** libgnutls: Don't crash when gnutls_credentials_set is called twice.
+
+** libgnutls: Fix libgnutls shared library version.
+It wasn't properly incremented after adding symbols in the last
+release.
+
+** manual: Now mention supported public key and public key signing algorithms.
+
+** tests/openssl: initialize gnutls before use.
+
+** tests/setcredcrash: New test to catch regressions of gnutls_credentials_set.
+
+** GTK-DOC manual: mention new symbols in 2.6.x. Mention crypto.h functions.
+
+** API and ABI modifications:
+gnutls_sign_get_name: ADDED
+gnutls_pk_get_name: ADDED
+
+* Version 2.5.6 (released 2008-09-08)
+
+** libgnutls: Add interface to deal with public key and signature algorithms.
+The functions are called gnutls_pk_list, gnutls_pk_get_id,
+gnutls_sign_list, and gnutls_sign_get_id. Suggested by Sam
+Varshavchik <mrsam@courier-mta.com>.
+
+** libgnutls: Refactor and clean up some code.
+
+** libgnutls: Fix compile error with Sun CC.
+
+** gnutls-cli: Improve --list output to include public key and signature algs.
+
+** gnutls-cli, gnutls-serv: Remove --copyright parameter.
+Use standard --version to get license info.
+
+** gnutls-cli.1: Document all new parameters.
+Thanks to James Westby <jw+debian@jameswestby.net>.
+
+** tests: New self-test pgps2kgnu to test parsing of encrypted secrets.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** API and ABI modifications:
+gnutls_pk_list: ADDED
+gnutls_pk_get_id: ADDED
+gnutls_sign_list: ADDED
+gnutls_sign_get_id: ADDED
+
+* Version 2.5.5 (released 2008-08-29)
+
+** libgnutls: New API to get a string corresponding to a error symbol.
+The function is gnutls_strerror_name.
+
+** libgnutls: Fix include paths so that building with internal libtasn1 works.
+Reported by "jth.net ApS" <info@jth.net>.
+
+** libgnutls: Fix segmentation fault when generating private keys.
+Reported by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** libgnutls: Remove code to import certificate chains in PKCS#7 format.
+The code has not worked since v0.9.0 and apparently nobody has missed
+it, so we decided to remove the code rather than fix it. If you have
+old certificate chains stored in PKCS#7 format, you can convert them
+to a list of PEM certificates by using 'certtool --p7-info'. Reported
+by Christian Grothoff <christian@grothoff.org>.
+
+** opencdk: Parse (but not decrypt) encrypted secret keys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** libgnutls: Fix many warnings.
+
+** Included copy of libtasn1 is upgraded to version 1.5.
+
+** Add French translation, thanks to Nicolas Provost.
+
+** API and ABI modifications:
+gnutls_strerror_name: ADDED
+
+* Version 2.5.4 (released 2008-08-19)
+
+** Fix secure memory initialization of libgcrypt.
+Reported by Joe Orton <joe@manyfish.co.uk> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2992>.
+
+** Doc fixes.
+Reference to NIST SP 800-57 in the manual on key size recommendations.
+Added 'Since:' tags to new APIs for gtk-doc.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.3 (released 2008-08-14)
+
+** libgnutls: New API to set the public parameters in a certificate request
+** from a private key.
+The function is gnutls_x509_crq_set_key_rsa_raw. Inspired by
+discussion with "Zach C." <fxchip@gmail.com>.
+
+** libgnutls: New API to set a callback to extract TLS Finished data.
+The function to register is gnutls_session_set_finished_function and
+it takes a callback of the gnutls_finished_callback_func type.
+
+** libgnutls: Drop final comma after GNUTLS_CRT_PRINT_UNSIGNED_FULL in enum.
+Reported in <https://savannah.gnu.org/support/?106453>.
+
+** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE.
+The new names are GNUTLS_MASTER_SIZE and GNUTLS_RANDOM_SIZE. The old
+names are mapped to the new names in compat.h. These mappings will
+likely be removed more quickly than other mappings in that file due to
+the namespace violation.
+
+** libgnutlsxx: Make it build when SRP is disabled.
+
+** doc: Add doxygen files in doc/doxygen/.
+
+** API and ABI modifications:
+gnutls_x509_crq_set_key_rsa_raw: ADDED
+gnutls_session_set_finished_function: ADDED
+gnutls_finished_callback_func: ADDED
+GNUTLS_MASTER_SIZE: ADDED
+GNUTLS_RANDOM_SIZE: ADDED
+TLS_MASTER_SIZE: DEPRECATED
+TLS_RANDOM_SIZE: DEPRECATED
+
+* Version 2.5.2 (released 2008-07-08)
+
+** libgnutls: Fix bug in gnutls_dh_params_generate2.
+The prime and generator was swapped.
+
+** libgnutls: New interface to register a new TLS extension handler.
+The new function gnutls_ext_register can be used to register handlers
+for specific TLS extension types. The callback functions have the new
+types gnutls_ext_recv_func and gnutls_ext_send_func. A type to
+classify TLS extensions, gnutls_ext_parse_type_t, has been added as
+well.
+
+** Move more code for TLS/IA extension from libgnutls to libgnutls-extra.
+This was made possible by using the new gnutls_ext_register interface.
+The TLS/IA functionality has only been supported through the
+libgnutls-extra library, so it makes sense for the code to belong
+there too.
+
+** API and ABI modifications:
+gnutls_ext_recv_func: ADDED
+gnutls_ext_send_func: ADDED
+gnutls_ext_parse_type_t: ADDED
+gnutls_ext_register: ADDED
+
+* Version 2.5.1 (released 2008-07-02)
+
+** Indent code.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.0 (released 2008-07-02)
+
+** Port fixes from v2.4.1 release, see below.
+
+** Added API to replace and update the crypto backend.
+The header gnutls/crypto.h is now officially supported, and declares
+the symbols below.
+
+** Rewritten opencdk crypto backend, to use the gnutls internal one.
+
+** Update gnulib and translations.
+The gnulib gc crypto code has been removed since it was never finished
+and is no longer even used. An internal non-libgcrypt crypto
+implementation may be added in the future, but we'll decide that later
+on.
+
+** API and ABI modifications:
+gnutls_crypto_bigint_register2: ADDED.
+gnutls_crypto_cipher_register2: ADDED.
+gnutls_crypto_digest_register2: ADDED.
+gnutls_crypto_mac_register2: ADDED.
+gnutls_crypto_pk_register2: ADDED.
+gnutls_crypto_rnd_register2: ADDED.
+gnutls_crypto_single_cipher_register2: ADDED.
+gnutls_crypto_single_digest_register2: ADDED.
+gnutls_crypto_single_mac_register2: ADDED.
+
+* Version 2.4.3 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
+The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
+problem for certificate chains that contained just one self-signed
+certificate. Reported by Michael Meskes <meskes@debian.org> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <https://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import.
+Report and patch by Jonathan Manktelow.
+
+** libgnutls: Avoid use of non-thread safe strerror.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.2 (released 2008-09-15)
+
+** libgnutls: Don't crash when gnutls_credentials_set is called twice.
+
+** libgnutls: Corrected memory leak in X.509 functions.
+Thanks to Colin Leroy <colin@colino.net>.
+
+** libgnutls: Fix compile error with Sun CC.
+
+** gnutls-cli.1: Document all new parameters.
+Thanks to James Westby <jw+debian@jameswestby.net>.
+
+** tests/openssl: initialize gnutls before use.
+Fixes crash with libgcrypt 1.4.2. Reported by Ludovic Courtes
+<ludovic.courtes@laas.fr>.
+
+** doc/: Fix texinfo markup for old texinfo versions.
+
+** Included copy of libtasn1 is upgraded to version 1.5.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.1 (released 2008-06-30)
+
+** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
+If the gnutls_handshake function is called for a normal session, which
+can happen for re-handshakes, the library would crash because it tried
+to hash some data using a libgcrypt handle that had been deallocated.
+Report and tiny patch from Tomas Mraz <tmraz@redhat.com>. Any updates
+with more details about this vulnerability will be added to
+<https://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix memory leaks when doing a re-handshake.
+Reported by Sam Varshavchik <mrsam@courier-mta.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
+
+** Fix compiler warnings.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://thread.gmane.org/gmane.network.gnutls.general/1281>.
+
+** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
+
+** srptool: Fix a problem where --verify check does not succeed.
+Report and tiny patch by Matthias Koenig <mkoenig@suse.de> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2944>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.0 (released 2008-06-19)
+
+** Major changes compared to the v2.2 branch:
+
+*** The OpenPGP sub-system has been improved and now supports subkeys.
+
+*** The PSK sub-system has been improved and now supports password
+*** derivation and PSK identity hints.
+The password derivation algorithms support is documented in
+draft-ietf-netconf-tls-02.txt.
+
+*** The certtool --inder and --outder has been replaced by --inraw and --outraw.
+This aligns terminology with OpenPGP, which doesn't use DER encoding.
+The old parameters will continue to work for some time.
+
+*** Certtool now confirm passwords and changes permissions of private key files.
+
+*** The default handshake size limit has been increased to 48kb.
+It appears as if some valid handshakes are large due to sending many
+CA certificates. (The earlier limit was 16kb.)
+
+*** LZO compression is now disabled by default.
+The main reason is that LZO compression in TLS is not standardized,
+but license compatiblity issues with minilzo triggered us to make this
+decision now.
+
+*** Improvements for cross-compilation to Windows and OpenWRT.
+
+*** The look of the GTK-DOC manual has been improved.
+Major developer visible changes compared to the v2.2 branch:
+
+*** Full OpenPGP support is part of libgnutls, licensed under the LGPL.
+
+*** New APIs to access the raw X.509 Subject and Issuer DN's and
+*** elements from the certificate credentials structure.
+Thanks to Joe Orton.
+
+*** New APIs to improve working with username/passwords and PSK.
+
+*** Names of constants to affect certificate printing changed.
+The constants are used for OpenPGP too, which the names didn't
+reflect, so the following name change has been made:
+
+ Old name New name
+ GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
+ GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
+ GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
+
+The old names will be mapped to the new names for some time.
+
+*** The function gnutls_openpgp_privkey_get_id has been renamed to
+*** gnutls_openpgp_privkey_get_key_id.
+A compatibility mapping exists to avoid breaking API backwards
+compatibility.
+
+*** Replaced all uses of alloca with malloc and free.
+
+*** We no longer build with -D_REENTRANT -D_THREAD_SAFE.
+We have been unable to find a documented rationale for this practice.
+
+*** Of course, many smaller fixes have been made, see the ChangeLog file.
+
+*** API/ABI changes in GnuTLS 2.4
+All OpenPGP related functions have been moved from libgnutls-extra to
+libgnutls, and several new functions have been added (see below).
+Before making the release, we discussed whether moving functions from
+libgnutls-extra to libgnutls would require us to increment the ABI
+version, but the general opinion was that this would not be required.
+All older functions continue to work the same. We are open to the
+possibility that this decision will lead to problem on some platform,
+and if it turns out that the Right Thing should have been to increment
+the shared library version, we would need to release an update within
+the 2.4.x branch that increments the shared library version.
+
+This release adds the following functions:
+
+ gnutls_psk_client_get_hint
+ gnutls_psk_set_server_credentials_hint
+ gnutls_psk_netconf_derive_key
+
+ Used to get/set the PSK identity hint, and derive PSK keys from
+ passwords a'la netconf.
+
+ gnutls_x509_dn_deinit
+ gnutls_x509_dn_export
+ gnutls_x509_dn_import
+ gnutls_x509_dn_init
+
+ Used to handle X.509 Certificate DN's directly.
+
+ gnutls_hex2bin
+
+ Converts a data buffer to hex. Useful for handling PSK/SRP shared
+ secrets.
+
+ gnutls_certificate_get_x509_cas
+ gnutls_certificate_get_x509_crls
+ gnutls_certificate_get_openpgp_keyring
+
+ Functions for direct access to credential elements.
+
+ gnutls_openpgp_crt_get_auth_subkey
+ gnutls_openpgp_crt_get_key_id
+ gnutls_openpgp_crt_get_pk_dsa_raw
+ gnutls_openpgp_crt_get_pk_rsa_raw
+ gnutls_openpgp_crt_get_preferred_key_id
+ gnutls_openpgp_crt_get_revoked_status
+ gnutls_openpgp_crt_get_subkey_count
+ gnutls_openpgp_crt_get_subkey_creation_time
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ gnutls_openpgp_crt_get_subkey_fingerprint
+ gnutls_openpgp_crt_get_subkey_id
+ gnutls_openpgp_crt_get_subkey_idx
+ gnutls_openpgp_crt_get_subkey_pk_algorithm
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw
+ gnutls_openpgp_crt_get_subkey_revoked_status
+ gnutls_openpgp_crt_get_subkey_usage
+ gnutls_openpgp_crt_print
+ gnutls_openpgp_crt_set_preferred_key_id
+ gnutls_openpgp_keyring_get_crt
+ gnutls_openpgp_keyring_get_crt_count
+ gnutls_openpgp_privkey_export
+ gnutls_openpgp_privkey_export_dsa_raw
+ gnutls_openpgp_privkey_export_rsa_raw
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ gnutls_openpgp_privkey_export_subkey_rsa_raw
+ gnutls_openpgp_privkey_get_fingerprint
+ gnutls_openpgp_privkey_get_key_id
+ gnutls_openpgp_privkey_get_pk_algorithm
+ gnutls_openpgp_privkey_get_preferred_key_id
+ gnutls_openpgp_privkey_get_revoked_status
+ gnutls_openpgp_privkey_get_subkey_count
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ gnutls_openpgp_privkey_get_subkey_fingerprint
+ gnutls_openpgp_privkey_get_subkey_id
+ gnutls_openpgp_privkey_get_subkey_idx
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ gnutls_openpgp_privkey_set_preferred_key_id
+
+ New OpenPGP related functions.
+
+ The function gnutls_openpgp_crt_get_key_id is the same as the old
+ from gnutls_openpgp_crt_get_id, see above.
+
+The release also adds a new header file 'gnutls/crypto.h', however it
+is currently not used.
+
+** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** API and ABI modifications:
+gnutls_openpgp_crt_get_subkey_fingerprint: ADDED.
+gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED.
+
+* Version 2.3.15 (released 2008-06-15)
+
+** Disable the openpgp-certs self-tests.
+It results in failure under Wine and doesn't work on Debian buildds.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.14 (released 2008-06-11)
+
+** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
+An OpenPGP certificate is now only considered verified if all the user
+IDs are verified.
+
+** Examples: Make C++ example compile.
+Earlier it may have failed with an unresolved reference to strlen.
+
+** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid.
+Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.13 (released 2008-06-07)
+
+** libgnutls [OpenPGP]: Make OpenPGP handshakes work again.
+
+** doc/: Add psktool to info index. Some minor cleanups.
+
+** tests/: Added non-forking TLS handshake test, see tests/mini.c.
+
+** tests/: Added libgcrypt.supp which can be used with valgrind.
+The file suppresses the known libgcrypt memory leaks, so they aren't
+printed when you run valgrind on the gnutls self-tests. Use it as
+follows: valgrind --suppressions=libgcrypt.supp ./x509self or add
+'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your
+~/.valgrindrc file.
+
+** tests/: Reduce amount of debugging output by default.
+Use --verbose for each test to get the full output.
+
+** tests/: Fix memory leaks in several self-tests.
+None of the self tests should be leaking memory when running valgrind
+or similar tools. (Known exceptions are dhepskself, pskself, and
+set_pkcs12_cred, which appear likely to be due to memory leaks in the
+library.)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.12 (released 2008-06-04)
+
+** Merge gnutls_with_netconf branch.
+
+*** libgnutls [PSK]: New API to retrieve PSK identity hint in client.
+The function is gnutls_psk_client_get_hint.
+
+*** libgnutls [PSK]: New API to set PSK identity hint in server.
+The function is gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support server key exchange with PSK identity hint.
+In the client, the message is parsed and the application can use
+gnutls_psk_client_get_hint to retrieve the hint. In the server, the
+message is sent if the application has specified a PSK identity hint
+using gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support Netconf PSK key derivation.
+The function gnutls_psk_netconf_derive_key supports the PSK key
+derivation as specified in draft-ietf-netconf-tls-02.txt. New self
+test netconf-psk.c.
+
+*** psktool: Support new --netconf-hint to generate PSK key from password.
+Uses the Netconf algorithm to derive PSK key from password.
+
+*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint.
+
+*** gnutls-cli: Always support PSK modes, through a callback.
+The callback will derive a PSK key using Netconf algorithm. It will
+print the PSK identity hint to help the user.
+
+*** New PSK example client and server.
+See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c.
+
+** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms.
+The code didn't work properly on platforms where 'char' is unsigned,
+when you set version 0. Reported by Laurence Withers
+<l@lwithers.me.uk> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>.
+
+** libgnutls-openssl: added RAND_pseudo_bytes API.
+Patch from Robert Millan <rmh@aybabtu.com>.
+
+** API and ABI modifications:
+RAND_pseudo_bytes: ADDED to libgnutls-openssl.
+gnutls_psk_client_get_hint: ADDED.
+gnutls_psk_set_server_credentials_hint: ADDED.
+gnutls_psk_netconf_derive_key: ADDED
+
+* Version 2.3.11 (released 2008-05-20)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** Don't use gnulib headers when building C++ library.
+Fixes builds under Windows.
+
+** Make umask a requirement.
+We don't know of any system that lacks it, even GNU CoreUtils use it
+unconditionally.
+
+** Update gnulib files.
+Fixes a problem where it pulled in a replacement for memcmp under
+MinGW, which caused the C++ example to fail to build.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.10 (released 2008-05-19)
+
+** Added wide wildcard hostname matching.
+Tiny patch by Jean-Philippe Garcia Ballester.
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<https://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** libgnutlsxx: Updated API according to patches from Eduardo
+Villanueva Che (discussion at
+<http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>)
+
+** Use umask to restrict permissions to owner before creating a file.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.9 (released 2008-05-16)
+
+** libgnutls: Fix build failures if SRP/OpenPGP is disabled.
+Based on report and tiny patches from
+<jared.jennings.ctr@eglin.af.mil>, see
+<https://savannah.gnu.org/support/index.php?106342>.
+
+** libgnutls: Translation fixes.
+
+** gnutls-cli: Fix so that PSK authentication works.
+Also improve manual to give example for gnutls-cli PSK authentication.
+
+** certtool: Encrypting a private key now require a confirmed password.
+Before './certtool -k -8' would merely ask for a password once.
+Reported by Daniel 'NebuchadnezzaR' Dehennin
+<nebuchadnezzar@asgardr.info> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.
+
+** certtool: When writing private keys to files, change permissions of file.
+Now the file which the private key is saved to is chmod'ed 0600.
+Reported by martin f krafft <madduck@debian.org> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.
+
+** guile: Fix -fgnu89-inline test.
+
+** Removed --enable-profile-mode.
+The code linked gnutls with the libfc project (Function Check) which
+appears to have been stalled since around 2002.
+
+** Clean up header file checks by ./configure.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.8 (released 2008-04-29)
+
+** libgnutls: Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE
+Returned when the handshake data size is too large. Before
+GNUTLS_E_MEMORY_ERROR was used, which could be confused with other
+error situations.
+
+** libgnutls: Hide definitions in crypto.h.
+We have decided that the APIs defined in crypto.h are not stable
+enough for v2.4, so don't use any of those functions.
+
+** gnutls-cli: exit when hostname doesn't match certificate.
+Use --insecure to avoid hostname comparison.
+
+** certtool: --inder and --outder replaced by --inraw and --outraw.
+The reason is to align terminology with OpenPGP, which doesn't use
+DER. The old parameters will continue to work for some time.
+
+** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual.
+
+** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings.
+
+** Mingw32: Revert libgcrypt vasprintf work-around added in last release.
+Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the
+vasprintf symbol from the libgcrypt library which caused problems.
+
+** Update of gnulib files.
+
+** tests: New self-test of crypto.h RNG code tests/crypto_rng.
+
+** API and ABI modifications:
+GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED.
+
+* Version 2.3.7 (released 2008-04-21)
+
+** opencdk now properly sets the key usage bits into openpgp keys.
+
+** gnutls-cli: Fix crash on TLS handshake failures.
+Reported by "Marc F. Clemente" <marc@mclemente.net> in Debian BTS #466477.
+This is similar to <http://bugs.debian.org/429183>.
+
+** certtool: with --generate-request and newly generated keys, print the key.
+
+** Build fixes for MinGW.
+Missing rpl_fseeko symbol in lib/opencdk/. Better checks for linking
+with -lws2_32 when needed. Use ASCII only isprint() when printing
+X.509 certificate information, to avoid non-ASCII but printable
+characters. Thanks to Massimo Gaspari <massimo.gaspari@alice.it> for
+reports.
+
+** Update internal copy of libtasn1 to version 1.4.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.6 (released 2008-04-17)
+
+** Make gnutls_x509_crq_sign2 set certificate request version if not set.
+** Improve documentation for gnutls_x509_crq_sign2.
+Based on report from "John Brooks" <aspecialj@gmail.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1154>.
+
+** tests/pathlen: run diff without parameters to improve portability.
+Based on HPUX build hints in
+<http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.
+
+** Don't use %e specifier with strftime, it doesn't work under Windows.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+** Remove all uses of gnutls_alloca/gnutls_afree.
+Use normal gnutls_malloc instead. One reason is increased portability
+to Windows, the other is that several of the uses may be unsafe
+because the size of data allocated could be large. Reported by
+Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+** Build Guile code with -fgnu89-inline only when supported.
+Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>.
+
+** Several GTK-DOC related fixes.
+
+** Clean up OpenCDK related code.
+GnuTLS now requires its internal OpenCDK code rather than the external
+GPL library OpenCDK. Unfortunately, we don't have resources to
+maintain an external library (help welcome).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.5 (released 2008-04-14)
+
+** Build fix for MinGW and --disable-shared.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1145>.
+
+** Document how to generate CRLs.
+Suggested by "Rainer Gerhards" <rgerhards@gmail.com>.
+
+** Documented the --priority option to gnutls-cli and gnutls-serv.
+
+** Several minor fixes in the OpenPGP interface.
+Thanks to Daniel Kahn Gillmor.
+
+** Fix fopen file descriptor leak in PSK server code.
+Thanks to Laurence Withers <l@lwithers.me.uk>, see
+<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+** Translations files not stored directly in git to avoid merge conflicts.
+
+** New APIs to let applications replace the RNG used.
+Update all RNG callers in the code to use the new interface.
+
+** Guile code now built with -fgnu89-inline to fix inline semantic problem.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_crypto_rnd_register: ADDED
+gnutls_rnd_level_t: ADDED
+GNUTLS_RND_KEY: ADDED, gnutls_rnd_level_t member
+GNUTLS_RND_RANDOM: ADDED, gnutls_rnd_level_t member
+GNUTLS_RND_NONCE: ADDED, gnutls_rnd_level_t member
+gnutls_crypto_rnd_st: ADDED
+GNUTLS_DIG_SHA224: ADDED
+GNUTLS_SIGN_RSA_SHA224: ADDED
+gnutls_openpgp_crt_get_auth_subkey: MODIFIED
+
+* Version 2.3.4 (released 2008-03-19)
+
+** Finish renaming of gnutls_certificate_export_x509_cas etc.
+They weren't renamed in the public header file.
+
+** Added functions to register a cipher/mac/digest. This allows to
+override the included ones.
+
+** Fix a bunch of compiler warnings.
+
+** API and ABI modifications:
+gnutls_crypto_cipher_st: ADDED
+gnutls_crypto_mac_st: ADDED
+gnutls_crypto_digest_st: ADDED
+gnutls_crypto_cipher_register: ADDED
+gnutls_crypto_mac_register: ADDED
+gnutls_crypto_digest_register: ADDED
+GNUTLS_E_CRYPTO_ALREADY_REGISTERED: ADDED
+
+* Version 2.3.3 (released 2008-03-10)
+
+** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** No longer compiled using -D_REENTRANT -D_THREAD_SAFE.
+We could not find any modern justification for enabling these flags by
+default. If you know of some platform that needs one of the flags to
+work properly, please let us know. (Actually introduced in v2.3.0 but
+not documented until now.)
+
+** Importing many CA certificates are now considerably faster.
+This affect gnutls_certificate_set_x509_trust_mem,
+gnutls_certificate_set_x509_trust, and
+gnutls_certificate_set_x509_trust_file. The complexity was reduced
+from O(2*n^2) to O(n). When adding 206 files containing 408
+certificates, using gnutls_certificate_set_x509_trust_file, the time
+dropped from 40 seconds to 0.3 seconds. Thanks to Edgar Fuß for code
+to trigger the problem. See also
+<http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>.
+
+** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name
+** to be explicit that it takes zero terminated data.
+
+** gnutls-cli --print-cert now print PKCS#3 format Diffie-Hellman parameters.
+
+** Documentation fixes for the GTK-DOC manual.
+
+** Fix compilation error related to __FUNCTION__ on some systems.
+Reported by Tim Mooney, see
+<https://savannah.gnu.org/support/?106267>.
+
+** Updated translations.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length,
+ and char* instead of void* for output buffer.
+
+* Version 2.3.2 (released 2008-02-26)
+
+** Fix srcdir!=objdir failure in openpgpself test.
+
+** Improved API documentation output from GTK-DOC.
+
+** Added gnutls_x509_dn_export(). Patch by Joe Orton.
+
+** Renamed gnutls_certificate_export_x509_cas and friends.
+See <http://lists.gnu.org/archive/html/gnutls-devel/2008-02/msg00043.html>.
+
+** Internal header files cleanup.
+
+** API and ABI modifications:
+gnutls_certificate_export_x509_cas: RENAMED to gnutls_certificate_get_x509_cas
+gnutls_certificate_export_x509_crls: RENAMED to gnutls_certificate_get_x509_crls
+gnutls_certificate_export_openpgp_keyring: RENAMED to gnutls_certificate_get_openpgp_keyring
+gnutls_x509_dn_export: ADDED
+
+* Version 2.3.1 (released 2008-02-21)
+
+** OpenPGP support merged into libgnutls and is now licensed under LGPL.
+The included copy of OpenCDK has been stripped down and re-licensed
+under the LGPL.
+
+** Cipher priority string handling now handle strings that starts with NULL.
+Thanks to Laurence Withers <l@lwithers.me.uk>.
+
+** gnutls-cli: When -d is used, also prints RNG information from libgcrypt.
+
+** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
+by Daniel Stenberg.
+
+** Increased the default certificate verification chain limits and allowed
+for checks without limitation.
+
+** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
+and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
+strings and return the proper size.
+
+** Add section 'On Record Padding' to the manual.
+This collects all problems related to record padding with
+Nokia/Sony-Ericsson phones that we know about.
+
+** Several improvements in the OpenPGP authentication.
+Now subkeys can be used for authentication, according to
+draft-mavrogiannopoulos-rfc5081bis-00.txt.
+
+** certtool can print information on OpenPGP certificates and keys.
+
+** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN.
+Patch by Joe Orton.
+
+** Added gnutls_certificate_export_x509_cas and other functions to
+export elements from the certificate credentials structure. Based on
+suggestion from Joe Orton.
+
+** Doc fixes.
+Clarify that srp_base64 is not the same as normal base64.
+
+** Fix non-portable use of brace expansion in makefiles.
+
+** API and ABI modifications:
+gnutls_certificate_export_x509_cas: ADDED
+gnutls_certificate_export_x509_crls: ADDED
+gnutls_certificate_export_openpgp_keyring: ADDED
+gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char[8]'.
+gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id.
+gnutls_openpgp_crt_get_revoked_status: ADDED
+gnutls_openpgp_crt_get_subkey_count: ADDED
+gnutls_openpgp_crt_get_subkey_idx: ADDED
+gnutls_openpgp_crt_get_subkey_revoked_status: ADDED
+gnutls_openpgp_crt_get_subkey_pk_algorithm: ADDED
+gnutls_openpgp_crt_get_subkey_creation_time: ADDED
+gnutls_openpgp_crt_get_subkey_expiration_time: ADDED
+gnutls_openpgp_crt_get_subkey_id: ADDED
+gnutls_openpgp_crt_get_subkey_usage: ADDED
+gnutls_openpgp_privkey_get_fingerprint: ADDED
+gnutls_openpgp_privkey_get_key_id: ADDED
+gnutls_openpgp_privkey_get_subkey_count: ADDED
+gnutls_openpgp_privkey_get_subkey_idx: ADDED
+gnutls_openpgp_privkey_get_subkey_revoked_status: ADDED
+gnutls_openpgp_privkey_get_revoked_status: ADDED
+gnutls_openpgp_privkey_get_subkey_pk_algorithm: ADDED
+gnutls_openpgp_privkey_get_subkey_expiration_time: ADDED
+gnutls_openpgp_privkey_get_subkey_id: ADDED
+gnutls_openpgp_privkey_get_subkey_creation_time: ADDED
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw: ADDED
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw: ADDED
+gnutls_openpgp_crt_get_pk_dsa_raw: ADDED
+gnutls_openpgp_crt_get_pk_rsa_raw: ADDED
+gnutls_openpgp_privkey_export_subkey_dsa_raw: ADDED
+gnutls_openpgp_privkey_export_subkey_rsa_raw: ADDED
+gnutls_openpgp_privkey_export_dsa_raw: ADDED
+gnutls_openpgp_privkey_export_rsa_raw: ADDED
+gnutls_openpgp_privkey_export: ADDED
+gnutls_certificate_set_openpgp_key_file2: ADDED
+gnutls_certificate_set_openpgp_key_mem2: ADDED
+gnutls_x509_dn_init: ADDED
+gnutls_x509_dn_import: ADDED
+gnutls_x509_dn_deinit: ADDED
+GNUTLS_E_OPENPGP_SUBKEY_ERROR: ADDED
+gnutls_hex2bin: ADDED
+GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL.
+GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE.
+GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as
+ old GNUTLS_X509_CRT_UNSIGNED_FULL.
+
+* Version 2.3.0 (released 2008-01-08)
+
+** LZO compression is now disabled by default.
+The reason is that LZO compression is not standardized in TLS. If you
+wish to experiment with it, you will have to supply --with-lzo when
+invoking ./configure. The internal copy of minilzo is no longer
+included with GnuTLS, so you will need to install liblzo or liblzo2 on
+your system to have --with-lzo to be effective.
+
+** More than one server name field is now sent to the server properly.
+Thanks to mark.phillips@virgin.net.
+
+** Fixes the post_client_hello_function(). The extensions are now parsed
+in a callback friendly way.
+
+** Fix for certificate selection in servers with certificate callbacks.
+
+** Updated translations.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.5 (released 2008-05-19)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.4 (released 2008-05-19)
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<https://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.3 (released 2008-05-06)
+
+** Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** Fix compilation error related to __FUNCTION__ on some systems.
+Reported by Tim Mooney, see
+<https://savannah.gnu.org/support/?106267>.
+
+** Documented the --priority option to gnutls-cli and gnutls-serv.
+
+** Fix fopen file descriptor leak in PSK server code.
+Thanks to Laurence Withers <l@lwithers.me.uk>, see
+<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+** Build Guile code with -fgnu89-inline only when supported.
+Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>.
+
+** Make Camellia encryption work.
+Reported by Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2746>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.2 (released 2008-02-21)
+
+** Cipher priority string handling now handle strings that starts with NULL.
+Thanks to Laurence Withers <l@lwithers.me.uk>.
+
+** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
+by Daniel Stenberg.
+
+** Increased the default certificate verification chain limits and allowed
+for checks without limitation.
+
+** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
+and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
+strings and return the proper size.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.1 (released 2008-01-17)
+
+** Prevent linking libextra against previously installed libgnutls.
+Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
+<http://bugs.gentoo.org/show_bug.cgi?id=202269>.
+
+** Fixes the post_client_hello_function(). The extensions are now parsed
+in a callback friendly way.
+
+** Fix for certificate selection in servers with certificate callbacks.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.0 (released 2007-12-14)
+
+** Update internal copy of libtasn1 to version 1.2.
+
+** Certtool --verify-chain now handle inputs larger than 64kb.
+This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
+recent versions of libgcrypt. The problem was that Wine with the
+libgcrypt RNG generates huge amounts of debugging output.
+
+** Translation updates.
+Added Dutch translation. Updated Polish and Swedish translation.
+
+** Major changes compared to the v2.0 branch:
+
+*** SRP support aligned with newly published RFC 5054.
+
+*** OpenPGP support aligned with newly published RFC 5081.
+
+*** Support for DSA2 keys.
+
+*** Support for Camellia cipher.
+
+*** Support for Opaque PRF Input extension.
+
+*** PKCS#8 parser now handle DSA keys.
+
+*** Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc.
+Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier
+versions, such as 2.01 which is included with GnuTLS, is available
+under GPLv2 or later. If this incompatibility causes problems, we
+recommend you to disable LZO using --without-lzo. LZO compression is
+not a standard TLS compression algorithm, so the impact should be
+minimal.
+
+*** Functions for disabling record protocol padding.
+Works around bugs on Nokia/Ericsson phones.
+
+*** New functions gnutls_priority_set() for setting cipher priorities easily.
+Priorities like "COMPAT" also enables other work arounds, such as
+disabling padding.
+
+*** Other minor improvements and bug fixes.
+
+** Backwards incompatible API/ABI changes in GnuTLS 2.2
+To adapt to changes in the TLS extension specifications for OpenPGP
+and SRP, the GnuTLS API had to be modified. This means breaking the
+API and ABI backwards compatibility. That is something we try to
+avoid unless it is necessary. We decided to also remove the already
+deprecated stub functions for X.509 to XML conversion and TLS
+authorization (see below) when we had the opportunity.
+
+Generally, most applications does not need to be modified. Just
+re-compile them against the latest GnuTLS release, and it should work
+fine.
+
+Applications that use the OpenPGP or SRP features needs to be
+modified. Below is a list of the modified APIs and discussion of what
+the minimal things you need to modify in your application to make it
+work with GnuTLS 2.2.
+
+Note that GnuTLS 2.2 also introduces new APIs -- such as
+gnutls_set_priority() that is superior to
+gnutls_set_default_priority() -- that you may want to start using.
+However, using those new APIs is not required to use GnuTLS 2.2 since
+the old functions continue are still supported. This text only
+discuss what you minimally have to modify.
+
+*** XML related changes
+The function `gnutls_x509_crt_to_xml' has been removed. It has been
+deprecated and only returned an error code since GnuTLS version
+1.2.11. Nobody has complained, so users doesn't seem to miss the
+functionality. We don't know of any other library to convert X.509
+certificates into XML format, but we decided (long ago) that GnuTLS
+isn't the right place for this kind of functionality. If you want
+help to find some other library to use here, please explain and
+discuss your use case on help-gnutls@gnu.org.
+
+*** TLS Authorization related changes
+Everything related to TLS authorizations have been removed, they were
+only stub functions that returned an error code:
+
+ GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
+ gnutls_authz_data_format_type_t
+ gnutls_authz_recv_callback_func
+ gnutls_authz_send_callback_func
+ gnutls_authz_enable
+ gnutls_authz_send_x509_attr_cert
+ gnutls_authz_send_saml_assertion
+ gnutls_authz_send_x509_attr_cert_url
+ gnutls_authz_send_saml_assertion_url
+
+*** SRP related changes
+The callback gnutls_srp_client_credentials_function has a new
+prototype, and its semantic has changed. You need to rewrite the
+callback, see the updated function documentation and SRP example code
+(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
+information.
+
+The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
+GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
+specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
+used. There are #define's to map the old names to the new. You may
+run into problems if you have a switch-case with cases for both SRP
+alerts, since they are now mapped to the same value. The solution is
+to drop the SRP alerts from such switch cases, as they are now
+deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.
+
+*** OpenPGP related changes
+The function `gnutls_certificate_set_openpgp_keyserver' have been
+removed. There is no replacement functionality inside GnuTLS. If you
+need keyserver functionality, consider using the GnuPG tools.
+
+All functions, types, and error codes related to OpenPGP trustdb
+format have been removed. The trustdb format is a non-standard
+GnuPG-specific format, and we recommend you to use key rings instead.
+The following have been removed:
+
+ gnutls_certificate_set_openpgp_trustdb
+ gnutls_openpgp_trustdb_init
+ gnutls_openpgp_trustdb_deinit
+ gnutls_openpgp_trustdb_import
+ gnutls_openpgp_key_verify_trustdb
+ gnutls_openpgp_trustdb_t
+ GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED
+
+The following functions has an added parameter of the (new) type
+`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data
+(binary or base64). The functions are:
+ gnutls_certificate_set_openpgp_key_file
+ gnutls_certificate_set_openpgp_key_mem
+ gnutls_certificate_set_openpgp_keyring_mem
+ gnutls_certificate_set_openpgp_keyring_file
+
+To improve terminology and align with the X.509 interface, some
+functions have been renamed. Compatibility mappings exists. The old
+and new names of the affected functions and types are:
+
+ Old name New name
+ gnutls_openpgp_key_t gnutls_openpgp_crt_t
+ gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
+ gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
+ GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
+ GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
+ gnutls_openpgp_key_init gnutls_openpgp_crt_init
+ gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
+ gnutls_openpgp_key_import gnutls_openpgp_crt_import
+ gnutls_openpgp_key_export gnutls_openpgp_crt_export
+ gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
+ gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
+ gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
+ gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
+ gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
+ gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
+ gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
+ gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
+ gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
+ gnutls_openpgp_send_key gnutls_openpgp_send_cert
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.8 (released 2007-12-10)
+
+** The GPL version has been changed from version 2 to version 3.
+This affects the self-tests, command-line tools, the libgnutls-extra
+library, the relevant guile parts, and the build environment.
+
+** Added gnutls_x509_crt_get_subject_alt_name2().
+
+** Corrected a segfault when setting an empty gnutls_priority_t
+at gnutls_priority_set().
+
+** Use gettext 0.17 which updates m4/lib-*.m4 macros.
+Fixes a problem with spurious -L/usr/lib additions.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_subject_alt_name2: ADD.
+
+* Version 2.1.7 (released 2007-11-29)
+
+** PKCS #8 parser can now encode/decode DSA keys.
+
+** Updated gnutls_set_default_priority2() now renamed to
+gnutls_priority_set() and gnutls_priority_set_direct() which
+accept a string to indicate preferences of ciphersuite parameters.
+
+** gnutls-cli and gnutls-serv now have a --priority option to set
+the priority string.
+
+** The gnutls_*_convert_priority() functions were deprecated by
+the gnutls_priority_set() and gnutls_priority_set_direct().
+
+** Internal copy of OpenCDK upgraded to version 0.6.6.
+
+** API and ABI modifications:
+gnutls_priority_init: ADD.
+gnutls_priority_deinit: ADD.
+gnutls_priority_set: ADD.
+gnutls_priority_set_direct: ADD.
+gnutls_set_default_priority2: RENAMED to gnutls_priority_set_direct()
+gnutls_mac_convert_priority: REMOVED
+gnutls_compression_convert_priority: REMOVED
+gnutls_protocol_convert_priority: REMOVED
+gnutls_kx_convert_priority: REMOVED
+gnutls_cipher_convert_priority: REMOVED
+gnutls_certificate_type_convert_priority: REMOVED
+gnutls_set_default_priority: UNDEPRECATED
+gnutls_set_default_priority_export: UNDEPRECATED
+
+** Undocumented API and ABI modifications earlier in the 2.1.x series:
+GNUTLS_CIPHER_UNKNOWN: ADD.
+GNUTLS_CIPHER_CAMELLIA_128_CBC: ADD.
+GNUTLS_CIPHER_CAMELLIA_256_CBC: ADD.
+GNUTLS_KX_UNKNOWN: ADD.
+GNUTLS_COMP_UNKNOWN: ADD.
+GNUTLS_CRT_UNKNOWN: ADD.
+gnutls_mac_get_id: ADD.
+gnutls_compression_get_id: ADD.
+gnutls_cipher_get_id: ADD.
+gnutls_kx_get_id: ADD.
+gnutls_protocol_get_id: ADD.
+gnutls_certificate_type_get_id: ADD.
+gnutls_handshake_post_client_hello_func: ADD.
+gnutls_certificate_send_x509_rdn_sequence: ADD prototype to gnutls.h.in.
+
+* Version 2.1.6 (released 2007-11-15)
+
+** Corrected bug in decompression of expanded compression data.
+
+** Added the --to-p8 option to certtool to convert private keys
+to PKCS #8 keys.
+
+** Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code.
+
+** gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
+private keys.
+
+** Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM.
+During the 2.1.x series the GNUTLS_E_UNKNOWN_HASH_ALGORITHM error code
+was renamed to GNUTLS_E_UNKNOWN_ALGORITHM, unfortunately without being
+documented. This caused some problems (e.g., debian #450854). To
+avoid backwards compatibility problems, this release revert this
+change, so that GNUTLS_E_UNKNOWN_HASH_ALGORITHM works just like it has
+done in GnuTLS 2.0.x and earlier, and add a new error code
+GNUTLS_E_UNKNOWN_ALGORITHM.
+
+** Fixes several gtk-doc warnings.
+
+** API and ABI modifications:
+GNUTLS_E_UNKNOWN_ALGORITHM: CHANGED.
+GNUTLS_E_UNKNOWN_HASH_ALGORITHM: CHANGED.
+GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR: ADD.
+
+* Version 2.1.5 (released 2007-11-01)
+
+** Fix PKCS#3 parameter export problem.
+
+** Improve certtool queries, they now print the default value.
+
+** Fix ABI version.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.4 (released 2007-10-27)
+
+** Added the --v1 option to certtool, to allow generating X.509
+version 1 certificates.
+
+** certtool: Add option --disable-quick-random to enable the old behaviour
+of using /dev/random to generate keys.
+
+** Added priority functions that accept strings.
+
+** Added gnutls_set_default_priority2() which accepts a flag to indicate
+priorities preferences.
+
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
+
+** The gnutls_certificate_set_openpgp_* functions were modified to include
+the format. This makes the interface consistent with the x509 functions.
+
+** Internal copy of OpenCDK upgraded to version 0.6.5.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_certificate_set_openpgp_key_mem: MODIFIED
+gnutls_certificate_set_openpgp_key_file: MODIFIED
+gnutls_certificate_set_openpgp_keyring_mem: MODIFIED
+gnutls_certificate_set_openpgp_keyring_file: MODIFIED
+gnutls_set_default_priority: DEPRECATED
+gnutls_set_default_priority_export: DEPRECATED
+gnutls_set_default_priority2: ADDED
+gnutls_session_enable_compatibility_mode: ADDED
+gnutls_record_disable_padding: ADDED
+gnutls_mac_convert_priority: ADDED
+gnutls_compression_convert_priority: ADDED
+gnutls_protocol_convert_priority: ADDED
+gnutls_kx_convert_priority: ADDED
+gnutls_cipher_convert_priority: ADDED
+gnutls_certificate_type_convert_priority: ADDED
+gnutls_openpgp_key_t: RENAMED to gnutls_openpgp_crt_t
+gnutls_openpgp_key_status_t: RENAMED to gnutls_openpgp_crt_status_t
+gnutls_openpgp_send_key: RENAMED to gnutls_openpgp_send_cert
+gnutls_openpgp_key_init: RENAMED to gnutls_openpgp_crt_init
+gnutls_openpgp_key_import: RENAMED to gnutls_openpgp_crt_import
+gnutls_openpgp_key_export: RENAMED to gnutls_openpgp_crt_export
+gnutls_openpgp_key_check_hostname: RENAMED to gnutls_openpgp_crt_check_hostname
+gnutls_openpgp_key_get_creation_time: RENAMED to gnutls_openpgp_crt_get_creation_time
+gnutls_openpgp_key_get_expiration_time: RENAMED to gnutls_openpgp_crt_get_expiration_time
+gnutls_openpgp_key_get_fingerprint: RENAMED to gnutls_openpgp_crt_get_fingerprint
+gnutls_openpgp_key_get_version: RENAMED to gnutls_openpgp_crt_get_version
+gnutls_openpgp_key_get_pk_algorithm: RENAMED to gnutls_openpgp_crt_get_pk_algorithm
+gnutls_openpgp_key_get_name: RENAMED to gnutls_openpgp_crt_get_name
+gnutls_openpgp_key_deinit: RENAMED to gnutls_openpgp_crt_deinit
+gnutls_openpgp_key_get_id: RENAMED to gnutls_openpgp_crt_get_id
+gnutls_openpgp_key_get_key_usage: RENAMED to gnutls_openpgp_crt_get_key_usage
+gnutls_openpgp_key_verify_ring: RENAMED to gnutls_openpgp_crt_verify_ring
+gnutls_openpgp_key_verify_self: RENAMED to gnutls_openpgp_crt_verify_self
+
+* Version 2.1.3 (released 2007-10-17)
+
+** TLS authorization support removed.
+This technique may be patented in the future, and it is not of crucial
+importance for the Internet community. After deliberation we have
+concluded that the best thing we can do in this situation is to
+encourage society not to adopt this technique. We have decided to
+lead the way with our own actions.
+
+** Re-enabled the 256 bit ciphers in the default priorities.
+
+** Corrected bugs in openpgp key verification using a keyring (both in
+gnutls and opencdk)
+
+** API and ABI modifications:
+gnutls_certificate_set_openpgp_keyserver: REMOVED
+gnutls_authz_data_format_type_t,
+gnutls_authz_recv_callback_func,
+gnutls_authz_send_callback_func,
+gnutls_authz_enable,
+gnutls_authz_send_x509_attr_cert,
+gnutls_authz_send_saml_assertion,
+gnutls_authz_send_x509_attr_cert_url,
+gnutls_authz_send_saml_assertion_url: REMOVED.
+GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the
+ gnutls_supplemental_data_format_type_t enum type becomes empty.
+
+* Version 2.1.2 (released 2007-10-14)
+
+** Removed all the trustdb code from openpgp authentication.
+We now use only the well-specified keyrings.
+
+** The 256 bit ciphers are not enabled in the default priorities.
+
+** Added support for DSA2 using libgcrypt 1.3.0.
+
+** certtool: Fixed data corruption when using --outder.
+
+** Removed all the xml related stubs and functions.
+
+** Added capability to set a callback after the client hello is received
+by the server in order to adjust parameters before the handshake.
+
+** SRP was corrected to adhere to the latest draft (published soon as RFC)
+
+** Corrected bug which did not allow a server to run without supporting
+certificates.
+
+** Updated the DN parser which now prints wrongly decoded values as hex
+strings.
+
+** certtool: Add option --quick-random.
+For generating low security test credentials.
+
+** API and ABI modifications:
+gnutls_x509_crt_to_xml: REMOVED
+gnutls_openpgp_key_to_xml: REMOVED
+gnutls_openpgp_key_verify_trustdb: REMOVED
+gnutls_openpgp_trustdb_init: REMOVED
+gnutls_openpgp_trustdb_deinit: REMOVED
+gnutls_openpgp_trustdb_import: REMOVED
+gnutls_certificate_set_openpgp_trustdb: REMOVED
+gnutls_srp_client_credentials_function: CHANGED
+gnutls_handshake_set_post_client_hello_function: ADDED
+gnutls_mac_get_key_size: ADDED
+GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED: DEPRECATED.
+GNUTLS_A_MISSING_SRP_USERNAME: DEPRECATED
+GNUTLS_A_UNKNOWN_SRP_USERNAME: DEPRECATED
+
+* Version 2.1.1 (released 2007-09-24)
+
+** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA.
+Camellia is only enabled in GnuTLS if the installed libgcrypt has been
+compiled with Camellia support. See the libgcrypt documentation on
+how to enable it. Unconditionally disable it using the configure
+option --disable-camellia. Fixes #1.
+
+** Properly document in the NEWS file the API change in the last release.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.0 (released 2007-09-20)
+
+** Support for draft-rescorla-tls-opaque-prf-input-00.txt.
+The support is disabled by default. Since no value has been allocated
+by the IANA for this extension yet, you will need to provide one
+yourself by invoking './configure --enable-opaque-prf-input=42'.
+Fixes #2.
+
+** Example code: Fix compilation flaw under MinGW.
+
+** API and ABI modifications:
+gnutls_oprfi_callback_func: ADD, new typedef function prototype.
+gnutls_oprfi_enable_client: ADD, new function.
+gnutls_oprfi_enable_server: ADD, new function.
+
+* Version 2.0.4 (released 2007-11-16)
+
+** Corrected bug in decompression of expanded compression data.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.0.3 (released 2007-11-10)
+
+** This version backports several fixes from the 2.1.x branch.
+
+** Fixed PKCS #3 parameter export.
+
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
+
+** Corrected bug which did not allow a server to run without supporting
+certificates.
+
+** API and ABI modifications:
+gnutls_session_enable_compatibility_mode: ADDED
+gnutls_record_disable_padding: ADDED
+
+* Version 2.0.2 (released 2007-10-17)
+
+** TLS authorization support removed.
+This technique may be patented in the future, and it is not of crucial
+importance for the Internet community. After deliberation we have
+concluded that the best thing we can do in this situation is to
+encourage society not to adopt this technique. We have decided to
+lead the way with our own actions.
+
+** certtool: Fixed data corruption when using --outder.
+
+** Fix configure-time Guile detection.
+
+** API and ABI modifications:
+GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the
+ gnutls_supplemental_data_format_type_t enum type becomes empty.
+
+* Version 2.0.1 (released 2007-09-20)
+
+** New directory doc/credentials/ with test credentials.
+This collects the test credentials from the web page and from src/.
+The script gnutls-http-serv has also been moved to that directory.
+
+** Update SRP extension type and cipher suite with official IANA values.
+This breaks backwards compatibility with SRP in older versions of
+GnuTLS, but this is intentional to speed up the adoption of the
+official values. The old values we used were incorrect.
+
+** Guile: Fix `x509-certificate-dn-oid'
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.0.0 (released 2007-09-04)
+
+** Included copy of Libtasn1 upgraded to version 1.1.
+
+** Disable building of some examples if anonymous ciphers are disabled.
+
+** Don't build examples for disabled features.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.19 (released 2007-08-27)
+
+** Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
+This solves connection problems in mutt, see
+<http://bugs.debian.org/439640>.
+
+** Update gnulib files.
+In particular, the getpass module -- with its dependencies on getline,
+getdelim, fseeko etc -- where moved from the lgl/ (used by the core
+library) directory to the gl/ directory (only used by the command line
+tools). The reason is that getpass is now only used by the
+command-line tools, and reducing the number of gnulib modules linked
+to the core library helps portability and reduces size.
+
+** Fix warnings.
+
+** Disable building of PGP examples if PGP is disabled.
+
+** Included copy of OpenCDK upgraded to version 0.6.4.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.18 (released 2007-08-16)
+
+** Install images for the info manual.
+This has a side effect of renaming the images. See
+<http://thread.gmane.org/gmane.comp.tex.texinfo.bugs/3533> for
+discussions on the approach chosen.
+
+** Fix pointer mix to variables of different size.
+Patch extracted from
+<http://cvs.fedora.redhat.com/viewcvs/devel/gnutls/gnutls-1.6.3-incompat-pointers.patch?rev=1.1&view=auto>.
+
+** Fix warnings during build.
+Thanks to Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.17 (released 2007-08-15)
+
+** New functions to perform external signing.
+Set the signing callback function (of the gnutls_sign_func prototype)
+using the gnutls_sign_callback_set function. In the callback, you may
+find the new functions gnutls_x509_privkey_sign_hash and
+gnutls_openpgp_privkey_sign_hash useful. A new function
+gnutls_sign_callback_get is also added, to retrieve the function
+pointer. Thanks to "Alon Bar-Lev" <alon.barlev@gmail.com> for
+comments and testing.
+
+** New self test of client and server authenticated X.509 TLS sessions.
+See tests/x509self.c and tests/x509signself.c. The latter also tests
+the new external signing callback interface.
+
+** New errors GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX.
+These two actually describe the outer limits of a range of error codes
+reserved to the application. All of the errors are treated as fatal
+by the library (it has to since it doesn't know the semantics of the
+error codes). This can be useful in callbacks, to signal some
+application-specific error condition, which will usually eventually
+cause some gnutls API to return the same error code as the callback,
+which then can be inspected by the application. Note that error codes
+are negative.
+
+** gnutls_set_default_priority now disable TLS 1.2 by default.
+The RFC is not released yet, and we're approaching a major release so
+let's not enable it just yet.
+
+** Fix namespace so that gnutls_*_t is used consistently.
+Before, many places in the GnuTLS code used the old deprecated type
+names without the '_t' suffix.
+
+** Build fixes for Guile code.
+Patch from Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** More documentation fixes.
+In particular, the section headings were modified for casing. By
+Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** Updated Polish and Swedish translations.
+Thanks to Jakub Bogusz <qboosh@pld-linux.org> and Daniel Nylander
+<po@danielnylander.se>.
+
+** API and ABI modifications:
+gnutls_sign_func: ADD, new type for sign callback.
+gnutls_sign_callback_set: ADD, new function to set sign callback.
+gnutls_sign_callback_get: ADD, new function to retrieve sign callback.
+gnutls_x509_privkey_sign_hash,
+gnutls_openpgp_privkey_sign_hash: ADD, new functions useful in sign callback.
+GNUTLS_E_APPLICATION_ERROR_MIN,
+GNUTLS_E_APPLICATION_ERROR_MAX: ADD, new CPP #defines for error codes.
+
+* Version 1.7.16 (released 2007-08-07)
+
+** Fix sanity checks and return values in certificate selection.
+In some cases, GnuTLS omitted to report suitable error codes when no
+suitable certificate was found.
+
+** Fix gnutls-cli starttls EOF on Mac OS X.
+Thanks to Hal Eden <n.mavrogiannopoulos@gmail.com>.
+
+** Documentation fixes.
+In particular, the section headings were modified for casing. By
+Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.15 (released 2007-07-02)
+
+** Fix self-tests key-id under mingw32.
+
+** Test that the Guile header files are recent enough to work.
+Before we just tested that the command line tool 'guile' was recent
+enough, which may not be sufficient if you still have an old
+libguile.h header installed.
+
+** Guile bindings are now installed under $prefix by default.
+Use --without-guile-site-dir to install it under $pkgdatadir/site/
+where $pkgdatadir is as returned by "guile-config info pkgdatadir".
+Use --with-guile-site-dir=/your/own/path to specify the path manually.
+The default, --with-guile-site-dir, will install the Guile bindings
+under $datadir/guile/site. There is a new section 'Guile
+Preparations' in the manual that discuss these issues.
+
+** Fix run-time library path ordering in linking the Guile bindings.
+
+** Improved manual on downloading, installing, getting help, bug reports etc.
+Suggested by Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Add Malay message translations.
+Thanks to Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.14 (released 2007-06-26)
+
+** Don't enable Guile bindings unless we have Guile 1.8 or later.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Fix memory leak during DSA signature verification.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Fix crash in gnutls-cli when TLS handshake fails.
+Reported by Marc Haber <mh+debian-bugs@zugschlus.de> and Andreas
+Metzler <ametzler@downhill.at.eu.org> via Debian BTS #429183, see
+<http://bugs.debian.org/429183>.
+
+** Minor OpenPGP fixes in stream_to_datum.
+Patch from Timo Schulz <twoaday@freakmail.de> and Ludovic Courtès
+<ludovic.courtes@laas.fr>.
+
+** Fix off-by-one in TLS 1.2 handshake.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Minor Guile binding self-test cleanup.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.13 (released 2007-06-11)
+
+** OpenCDK copy updated to version 0.6.3.
+
+** Build fixes for GnuTLS Guile bindings.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Build fix for GTK-DOC manual.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.12 (released 2007-06-08)
+
+** Guile bindings for GnuTLS have been included.
+Contributed by Ludovic Courtès <ludovic.courtes@laas.fr>. There is a
+new chapter 'Guile Bindings' in the manual.
+
+** Have PKCS8 parser return better error codes.
+Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>.
+
+** Fix mem leak for sessions with client authentication via certificates.
+Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>.
+
+** Fix mem leaks.
+Reported by Dennis Vshivkov <walrus@amur.ru>, see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>. Added
+self-test tests/parse_ca.c to test regressions.
+
+** Fix build failures related to missing images in manual.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.11 (released 2007-05-26)
+
+** Include opencdk.h in the release.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.10 (released 2007-05-25)
+
+** New API functions to extract DER encoded X.509 Subject/Issuer DN.
+Suggested by Nate Nielsen <nielsen-list@memberwebs.com>.
+
+** Update of gnulib files.
+
+** GnuTLS is now developed in GIT instead of CVS.
+See <http://repo.or.cz/w/gnutls.git> for a public repository.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_raw_issuer_dn: ADD.
+gnutls_x509_crt_get_raw_dn: ADD.
+
+* Version 1.7.9 (released 2007-05-12)
+
+** X.509 certificates are preferred over OpenPGP keys.
+This is a change in the semantics of gnutls_set_default_priority.
+
+** The included copy of OpenCDK has been updated to 0.6.1.
+There has been some API changes in OpenCDK, and the GnuTLS layer have
+been modified as well. Note that while there are API/ABI incompatible
+changes in OpenCDK, this does not influence GnuTLS's API/ABI because
+its API/ABI have not changed. From this version on, GnuTLS requires
+OpenCDK 0.6.0 or later.
+
+** Fix build failure caused by missing doc/gnutls-logo.pdf.
+
+** Change certtool's default serial number from 0 to a time-based value.
+
+** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
+Before, we remove the parameters field, which resulted in a slightly
+different DER encoding which in turn caused signature verification
+failures of GnuTLS-generated RSA certificates in some other
+implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
+you read, this may or may not be correct, but our new behaviour appear
+to be consistent with other widely used implementations.
+
+** Fix mem leaks in gnutls_x509_crt_print.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.8 (released 2007-04-16)
+
+** Added examples for the authorization extension.
+See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c.
+
+** The examples only use gnutls_set_default_priority().
+The exception is when DH_ANON is needed.
+
+** Improve gnutls_set_default_priority() priorities.
+The new approach is for it to try and negotiate all secure and
+standard mechanisms available. Currently, DH_ANON ciphersuites and
+LZO compressions are not enabled by default, because they are,
+respectively, insecure and non-standardized. Note that TLS 1.2 will
+not be enabled by default in non-experimental release until it has
+been approved by the IETF.
+
+** gnutls-cli and gnutls-serv now uses the library's default priorities.
+This means that to get DH_ANON and LZO compression, you'll need to
+specify that manually using '--kx anon' or '--comp lzo'.
+
+** Minor fixes to the human display format of X.509 certificates.
+
+** New APIs to extract Distinguished Name's from X.509 certificates.
+Based on patch from Howard Chu <hyc@symas.com>.
+
+** Improved library searching for opencdk.
+It will now add the appropriate -R or -Wl,-rpath flags as necessary.
+The deprecated opencdk.m4 is no longer used.
+
+** New APIs to list supported algorithms in the library.
+The APIs are gnutls_cipher_list, gnutls_mac_list,
+gnutls_compression_list, gnutls_protocol_list,
+gnutls_certificate_type_list, gnutls_kx_list, and
+gnutls_cipher_suite_info. Suggested by Howard Chu <hyc@symas.com>.
+
+** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys.
+
+** New configure option --disable-tls-authorization to disable tls-authz.
+
+** Fix prototype for `gnutls_psk_set_client_credentials'.
+The last parameter was renamed from 'flags' to 'format' and the type
+changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type),
+which shouldn't cause any ABI changes. Reported by ludo@chbouib.org
+(Ludovic Courtès).
+
+** Fix allocation in gnutls_certificate_set_openpgp_key.
+Tiny patch from ludo@chbouib.org (Ludovic Courtès).
+
+** API and ABI modifications:
+gnutls_x509_dn_t: ADD.
+gnutls_x509_ava_st: ADD.
+gnutls_x509_crt_get_subject,
+gnutls_x509_crt_get_issuer: ADD.
+gnutls_x509_dn_get_rdn_ava: ADD.
+gnutls_cipher_list: ADD.
+gnutls_mac_list: ADD.
+gnutls_compression_list: ADD.
+gnutls_protocol_list: ADD.
+gnutls_certificate_type_list: ADD.
+gnutls_kx_list: ADD.
+gnutls_cipher_suite_info: ADD.
+
+* Version 1.7.7 (released 2007-02-22)
+
+** Support for supplemental handshake messages and authorization data.
+Supplemental data is described in RFC 4680 and the authorization
+extensions in draft-housley-tls-authz-extns-07.
+
+** Support for authorization data in gnutls-cli and gnutls-serv.
+New parameters --authz-x509-attr-cert and --authz-saml-assertion.
+
+** Fix for gnutls_x509_crt_check_hostname.
+Before it would have reported that the certificate matched a hostname
+when it did not have any dNSName or any CN field. Report and tiny
+patch from "Richard W.M. Jones" <rjones@redhat.com>.
+
+** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname.
+Tests regressions of the bug, and several other features.
+
+** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's.
+Before there were no support for iPAddress SAN's during comparison.
+
+** New API to print information about CRL's.
+The function is gnutls_x509_crl_print.
+
+** New API to extract signature value from CRL's.
+The function is gnutls_x509_crl_get_signature.
+
+** Support for directoryName Subject Alternative Name's.
+The gnutls_x509_crt_get_subject_alt_name function returns the DN as a
+string in the provided buffer.
+
+** Internal improvements to certtool.
+It uses gnutls_x509_crl_print to print CRL information. It uses some
+more gnulib modules to simplify error handling.
+
+** API and ABI modifications:
+GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element.
+gnutls_supplemental_data_format_type_t: ADD.
+gnutls_authz_data_format_type_t: ADD.
+gnutls_supplemental_get_name: ADD.
+gnutls_authz_recv_callback_func,
+gnutls_authz_send_callback_func: ADD, callback prototypes.
+gnutls_authz_enable: ADD.
+gnutls_authz_send_x509_attr_cert,
+gnutls_authz_send_saml_assertion,
+gnutls_authz_send_x509_attr_cert_url,
+gnutls_authz_send_saml_assertion_url: ADD.
+GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element.
+gnutls_x509_crl_print: ADD.
+gnutls_x509_crl_get_signature: ADD.
+
+* Version 1.7.6 (released 2007-02-12)
+
+** Support for 'otherName' Subject Alternative Names.
+The existing API gnutls_x509_crt_get_subject_alt_name may now return
+the new type GNUTLS_SAN_OTHERNAME together with the otherName value.
+To find out the otherName OID (necessary for proper parsing of the
+value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid.
+For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will
+return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to
+simplify OID matching. Suggested by Matthias Wimmer <m@tthias.eu>.
+
+** Certtool can print otherName SAN values for certificates.
+For known otherName OIDs (currently only id-on-xmppAddr as defined by
+RFC 3920), it will also print the name.
+
+** Fix TLS 1.2 RSA signing in servers.
+Before it used the old-style MD5+SHA1 signature, but the TLS
+signatures should be normal PKCS#1 signatures. FYI, we use and
+require that DigestInfo parameters are present and NULL for TLS 1.2.
+
+** Add APIs to access X.509 extensions sequentially.
+The existing APIs gnutls_x509_crt_get_extension_oid() and
+gnutls_x509_crt_get_extension_by_oid() does not permit callers to
+inspect the extensions in the order defined by the certificate.
+
+** Add API to extract signature value from X.509 certificates.
+The function is gnutls_x509_crt_get_signature.
+
+** Fix crash when generating proxy certificates in batch mode.
+If you don't specify a proxy policy in batch mode, it will use
+id-ppl-inheritALL.
+
+** Add API to print information about X.509 certificates.
+The function is gnutls_x509_crt_print.
+
+** Certtool uses the new API gnutls_x509_crt_print to print certificate info.
+One consequence of this is that the output syntax has changed
+slightly. Some more fields are printed.
+
+** Doc fixes.
+
+** API and ABI modifications:
+gnutls_x509_crt_print: ADD
+gnutls_certificate_print_formats_t: ADD, new enum.
+gnutls_x509_crt_get_signature: ADD.
+gnutls_x509_crt_get_extension_data: ADD.
+gnutls_x509_crt_get_extension_info: ADD.
+gnutls_x509_crt_get_subject_alt_othername_oid: ADD.
+GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element.
+GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element.
+
+* Version 1.7.5 (released 2007-02-06)
+
+** Servers won't negotiate SRP RSA/DSS cipher suites if no SRP credential
+** is set.
+
+** Default behaviour for the gnutls-cli and gnutls-serv tools improved.
+
+** Fix --list output for gnutls-cli and gnutls-serv.
+Mention TLS1.2, SHA512 etc.
+
+** Manual contains new section on setting up a test HTTP server.
+A server set up following those descriptions are available online via
+<http://www.gnutls.org/server.html>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.4 (released 2007-02-05)
+
+** Support for RSA signing using SHA-256/384/512.
+A new self test "sha2" tries to build a long X.509 certificate chain
+testing all new hashes.
+
+** The gnutls-serv tool now use static DH parameters if none are supplied.
+
+** Discuss proxy certificates in the manual.
+
+** Improve bibliographical citations in the manual.
+
+** Update of gnulib files.
+
+** Fix certtool template handling of pathLenConstraints.
+It now defaults to -1 instead of 0, which causes the field to be
+missing unless the template specify it.
+
+** API and ABI modifications:
+GNUTLS_MAC_SHA256,
+GNUTLS_MAC_SHA384,
+GNUTLS_MAC_SHA512: New gnutls_mac_algorithm_t values.
+GNUTLS_DIG_SHA256,
+GNUTLS_DIG_SHA384,
+GNUTLS_DIG_SHA512: New gnutls_digest_algorithm_t values.
+GNUTLS_SIGN_RSA_SHA256,
+GNUTLS_SIGN_RSA_SHA384,
+GNUTLS_SIGN_RSA_SHA512: New gnutls_sign_algorithm_t values.
+
+* Version 1.7.3 (released 2007-02-01)
+
+** New option to certtool: --generate-proxy.
+This will generate a Proxy Certificate from an end entity certificate.
+Proxy Certificates are documented in RFC 3820. You will need to
+specify the proxy certificate's private key with --load-privkey, the
+user certificate with --load-certificate and the private key used to
+sign the new proxy certificate with --load-ca-privkey. Certtool will
+query for proxy path length and the policy language OID. Currently
+only OIDs that have an empty policy are supported (which includes the
+two OIDs defined by RFC 3820).
+
+** Certtool --certificate-info now prints information for Proxy Certificates.
+Before the proxy extension was just printed as DER encoded data.
+
+** New APIs to set proxy subject names and get/set proxy cert extension.
+
+** Fix parsing of pathLenConstraints in BasicConstraints with missing cA.
+
+** Added self-test to test for regressions of pathLenConstraint bug.
+Incidentally, this also test (some) other regressions or changes in
+the output from certtool --certificate-info.
+
+** When certtool generates CA certificates, pressing enter on the path
+** length constraint query will now remove the field.
+Before it set the path length constraint to 0, which is a rather poor
+default.
+
+** Certtool now print times in UTC when printing certificate/CRL info.
+
+** Add better fix to work around C++ compiler bug on Mac OS X.
+Reported and tiny patch provided by Matthias Scheler <tron@NetBSD.org>.
+
+** Fix import of ASCII armored OpenPGP keys.
+Patch by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_x509_crt_set_proxy_dn: ADD.
+gnutls_x509_crt_set_proxy: ADD.
+gnutls_x509_crt_get_proxy: ADD.
+
+* Version 1.7.2 (released 2007-01-14)
+
+** Certtool now print the value of the pathLenConstraints field for certs.
+
+** Certtool now query for path length constraints when generating CA certs.
+For batch uses, the certtool configuration name is "path_len".
+Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** Add new API to get/set pathLenConstraint in the Basic Constraints.
+The new functions gnutls_x509_crt_get_basic_constraints and
+gnutls_x509_crt_set_basic_constraints provide a superset of the
+functionality in the old gnutls_x509_crt_get_ca_status and
+gnutls_x509_crt_set_ca_status (respectively), but the old functions
+will continue to be supported.
+
+** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr.
+The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp. A proper
+OpenCDK release with this patch will be made soon, which should bump
+the OpenCDK version number. Patch by Mario Lenz <mario.lenz@gmx.net>.
+
+** Certtool --to-p12 can now store more than one certificate in the blob.
+Before it could only store one certificate, but now it will read and
+store as many certificate there are from the --load-certificate file.
+Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** Clean up separation of gnutls and gnutls-extra for OpenPGP.
+In particular, the OpenPGP function variables are no longer part of
+the exported libgnutls interface, and no header files from
+libgnutls-extra (GPL) are needed by libgnutls (LGPL). The variables
+were never intended for non-internal purposes, and thus this does not
+imply a change in the external API/ABI.
+
+** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc.
+Before these parameters were set to make GnuTLS build under mingw32,
+however, they appear to no longer be necessary.
+
+** A minor fix to the C++ library to make it build.
+Reported by Pavlov Konstantin <thresh@altlinux.ru>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_basic_constraints: ADD.
+gnutls_x509_crt_set_basic_constraints: ADD.
+cdk_pubkey_to_sexp: ADD (in opencdk).
+cdk_seckey_to_sexp: ADD (in opencdk).
+
+* Version 1.7.1 (released 2006-12-28)
+
+** TLS 1.2 server side fix.
+The Certificate Request sent did not contain the list of supported
+hashes field, thus violating the protocol. It will now contain an
+empty list. Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** TLS 1.2 DSA signature verification fix.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Fix the list of trusted CAs that server's send to clients.
+Before, the list contained issuer DN's instead of subject DN's of the
+trusted CAs. Reported by Max Kellermann <max@duempel.org>.
+
+** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
+Also added a self-test in tests/certificate_set_x509_crl.c to test the
+function. Reported by Max Kellermann <max@duempel.org>.
+
+** Encode UID fields in DN's as DirectoryString.
+Before GnuTLS encoded and parsed UID fields as IA5String. This was
+incorrect, it should have used DirectoryString. Now it will use
+DirectoryString for the UID field, but for backwards compatibility it
+will also accept IA5String UID's. Reported by Max Kellermann
+<max@duempel.org>.
+
+** Improve out-of-sourcedir builds from CVS.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Bootstrap tools changed.
+We now require autoconf 2.61, automake 1.10, and gettext 0.16, when
+building GnuTLS from CVS. Libtool 1.5.22 is used.
+
+** Fixed a syntax error in lib/gnutls.asn.
+Reported by Paul Millar <p.millar@physics.gla.ac.uk>.
+
+** Added German translation of GnuTLS messages.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.0 (released 2006-11-29)
+
+** The default protocol priority try TLS 1.1 and TLS 1.2 too.
+The details is that the protocol priority set by
+`gnutls_set_default_priority' has been changed from TLS 1.0 and SSL
+3.0 to TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0.
+
+** Preliminary support for TLS 1.2.
+The client has been successfully tested against
+https://www.mikestoolbox.org:4433/.
+
+** Anonself test now print a lot of debugging info, including TLS version.
+
+** Doc fixes in OpenCDK, to avoid some gtk-doc warnings.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+GNUTLS_TLS1_2: New gnutls_protocol_t enum member.
+
+*** Pulled up from stable 1.6.x branch:
+
+** Fix ./configure failure with non-GCC compilers.
+This fixes the following error message:
+configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
+Reported by "Michael C. Vergallen" <mvergall@telenet.be>.
+
+* Version 1.6.3 (released 2007-05-26)
+
+** New API functions to extract DER encoded X.509 Subject/Issuer DN.
+Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. Backported
+from the 1.7.x branch, see
+<http://lists.gnu.org/archive/html/help-gnutls/2007-05/msg00029.html>.
+
+** Have PKCS8 parser return better error codes.
+Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>.
+
+** Fix mem leak for sessions with client authentication via certificates.
+Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>.
+
+** Fix building of 'tlsia' self test.
+Earlier some gcc are known to build tlsia linking to
+$prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in
+the build directory, even though command line parameters look OK.
+Changing order of some parameters fixes it.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_raw_issuer_dn: ADD.
+gnutls_x509_crt_get_raw_dn: ADD.
+
+* Version 1.6.2 (released 2007-04-18)
+
+** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
+Before, we remove the parameters field, which resulted in a slightly
+different DER encoding which in turn caused signature verification
+failures of GnuTLS-generated RSA certificates in some other
+implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
+you read, this may or may not be correct, but our new behaviour appear
+to be consistent with other widely used implementations.
+
+** Regenerate the PKIX ASN.1 syntax tree.
+For some reason, after changing the ASN.1 type of ldap-UID in the last
+release, the generated C file built from the ASN.1 schema was not
+refreshed. This can cause problems when reading/writing UID
+components inside X.500 Distinguished Names. Reported by devel
+<dev001@pas-world.com>.
+
+** Updated translations.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.6.1 (released 2006-12-28)
+
+** Fix the list of trusted CAs that server's send to clients.
+Before, the list contained issuer DN's instead of subject DN's of the
+trusted CAs. Reported by Max Kellermann <max@duempel.org>.
+
+** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
+Reported by Max Kellermann <max@duempel.org>.
+
+** Encode UID fields in DN's as DirectoryString.
+Before GnuTLS encoded and parsed UID fields as IA5String. This was
+incorrect, it should have used DirectoryString. Now it will use
+DirectoryString for the UID field, but for backwards compatibility it
+will also accept IA5String UID's. Reported by Max Kellermann
+<max@duempel.org>.
+
+** Fix ./configure failure with non-GCC compilers.
+This fixes the following error message:
+configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
+Reported by "Michael C. Vergallen" <mvergall@telenet.be>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.6.0 (released 2006-11-17)
+
+** No changes since 1.5.5.
+The major changes compared to the 1.4.x branch are:
+
+*** A GnuTLS C++ library is part of the official distribution.
+Currently there are no examples or documentation, but hopefully this
+will change. See gnutlsxx.h for the API.
+
+*** Windows is a supported platform.
+There are, however, two know bugs. One is related to select() in
+command line tools (not, nota bene, in the library), the other is a
+problem with libgcrypt that causes delays. Help is needed to resolve
+those issues, so we feel we can't delay the release because of this.
+
+*** New APIs for custom push/pull function error reporting.
+The new APIs are gnutls_transport_set_errno and
+gnutls_transport_set_global_errno. See the release notes for version
+1.5.4 for more information.
+
+*** Self tests are run under valgrind, if available. See --disable-valgrind.
+
+* Version 1.5.5 (released 2006-11-16)
+
+** Correctly bump shared library version after adding new APIs.
+This was forgotten in the last release.
+
+** Fix unsigned vs signed problem in ex-x509-info.c example.
+Reported by Tim Kosse <tim.kosse@filezilla-project.org>.
+
+** Fix the rsa-md5-collision self test to work for MinGW+Wine.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.4 (released 2006-11-07)
+
+** New API functions to set errno in push/pull functions.
+Under Windows, setting the errno variable in a push/pull replacement
+may end up setting the wrong errno variable, and GnuTLS send/recv
+functions become confused about the real errno returned from a failed
+push/pull function. Therefor, we have added two APIs to set the errno
+variable used by GnuTLS. The APIs can also help to keep things
+thread-safe, by avoiding potentially global variables. Typically,
+instead of setting errno in your push/pull function, you will call one
+of these functions. It is recommended to use
+gnutls_transport_set_errno, but if you don't have the session variable
+easily accessible in the push/pull replacement function, you can use
+gnutls_transport_set_global_errno. Suggested by Tim Kosse
+<tim.kosse@filezilla-project.org>.
+
+void gnutls_transport_set_errno (gnutls_session_t session, int err);
+void gnutls_transport_set_global_errno (int err);
+
+** When calling `recv' or `send' Windows errors are handled properly.
+The Windows recv/send functions doesn't use errno, and GnuTLS now use
+WSAGetLastError to access the error condition instead.
+
+** Several OpenPGP API fixes.
+All suggested by ludovic.courtes@laas.fr (Ludovic Courtès). The most
+important fix is to change the return value of
+gnutls_openpgp_privkey_get_pk_algorithm and
+gnutls_openpgp_key_get_pk_algorithm from 'int' to
+'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI
+compatible with 'int').
+
+** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+** version, try to negotiate the highest version support by the GnuTLS server,
+** instead of the lowest.
+Reported by <Pasi.Eronen@nokia.com>.
+
+** Replace old constructs with use of gnulib modules.
+For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in
+the code. If the headers doesn't exist on the target system, gnulib
+will make sure its replacement header files are used instead.
+
+** Fix SOVERSION computation for *.def files.
+This fixes build errors similar to "No rule to make target
+`libgnutls-`expr', needed by `all-am'." when building for Windows.
+
+** gnutls_check-version uses strverscmp from gnulib.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_transport_set_errno: ADD
+gnutls_transport_set_global_errno: ADD
+
+* Version 1.5.3 (released 2006-10-26)
+
+** Add new self-test of RSA-MD5 signature chains.
+Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures
+when verifying X.509 chains. The code is in tests/rsa-md5-collision/
+and is based on the work by Marc Stevens et al, see
+<http://www.win.tue.nl/hashclash/TargetCollidingCertificates/>.
+
+** Re-factor self tests.
+
+** The include copy of Libtasn1 is updated to version 0.3.7.
+
+** The included copy of OpenCDK is updated to version 0.5.11.
+
+** Fix the filename of the *.def file on Windows after library version bump.
+
+** Separated the gnulib directory into one for LGPL modules and one for GPL.
+This allows the GPL'd part of GnuTLS to take advantage of the GPL'd
+gnulib modules. Earlier we could only use the LGPL'ed module from
+gnulib, because two gnulib directories in the same project didn't
+work.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.2 (released 2006-10-03)
+
+** Decrement the shared library version back to 13 (as in the 1.4.x branch).
+Note that if you installed 1.5.0 or 1.5.1, they will have a higher
+shared library version than this version, so you'll have to remove
+them and possibly relink your applications. The reason for this is
+that no API/ABI changes have been made since the 1.4.x branch, and
+that incrementing the shared library version was a mistake. Reported
+by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Fix off-by-one error when computing length to malloc.
+The code is used by gnutls_openpgp_add_keyring_file and
+gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley"
+<agl@imperialviolet.org>.
+
+** Add version script for the GnuTLS C++ library.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Fix the C++ compiler detection logic.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.1 (released 2006-09-21)
+
+** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
+** Crypto 06 rump session attack.
+In particular, we check that the digestAlgorithm.parameters field is
+missing or empty, to avoid that it can contain "garbage" that may be
+used to alter the numeric properties of the signature. See
+<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
+not exactly the same as the problem we fix here). Reported by Yutaka
+OIWA <y.oiwa@aist.go.jp>.
+
+See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Add self test to test for above flaw.
+
+** Fix gnutls-cli-debug regarding resume support detection.
+Earlier, if the session-id from the server had a length of 0, it would
+indicate that the server supports resumption, which isn't the case.
+Reported by Kataja Kai <kai.kataja@op.fi>.
+
+** Fix building of examples on FreeBSD by including netinet/in.h.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** Fix certtool bug that caused the private key to not be loaded when
+generating a certificate with --load-request, which in turn triggered
+another unrelated bug in gnutls_x509_crt_sign2 (also fixed). Reported
+by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** gnutls-cli and gnutls-serv works on Windows.
+The problem was the select() call that doesn't work on file
+descriptors (stdin) on Windows. We borrowed some code from plibc to
+solve this. It appears to be somewhat unreliable though.
+
+** Autoconf 2.60 is now used.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.0 (released 2006-08-13)
+
+** Change SRP and Cert-Type extensions to match IANA registry.
+
+** Fixed bug in OpenPGP authentication handshake.
+
+** Improvements for building under MinGW.
+Provides internal inet_ntop and inet_pton functions and arpa/inet.h
+header. Calls WSAStartup and WSACleanup in gnutls_global_init and
+gnutls_global_deinit, respectively. Loads getaddrinfo and getnameinfo
+at run-time from ws2_32.dll, and falls back on a simple replacement if
+it is not available. Builds the library with -mms-bitfields
+-Wl,--enable-runtime-pseudo-reloc. Links with --output-def, to
+create *.def files, which are installed.
+
+** The examples now (conditionally) include config.h and link to gnulib.
+No other source changes were necessary, so the examples should
+continue to be possible to use stand-alone without any autoconf or
+gnulib stuff.
+
+** Added C++ header "gnutlsxx.h" and library "libgnutlsxx".
+You may unconditionally disable it with --disable-cxx. See
+includes/gnutls/gnutlsxx.h and lib/gnutlsxx.cpp for the
+implementation.
+
+** Made command line tool '--version' behave according to GNU Standards.
+This enables 'make distcheck' to succeed.
+
+** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.
+
+** Make --without-included-libtasn1 work.
+Reported by Daniel Black <dragonheart@gentoo.org>.
+
+** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
+See https://www.gnu.org/software/gnutls/security.html regardging
+GNUTLS-SA-2006-2 for more up to date information. Reported by
+satyakumar <satyam_kkd@hyd.hellosoft.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.5 (released 2006-11-06)
+
+** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+** version, try to negotiate the highest version support by the GnuTLS server,
+** instead of the lowest.
+Reported by <Pasi.Eronen@nokia.com>.
+
+** Fix typo in doc/examples/ex-serv-pgp.c.
+Reported by Adam Langley" <agl@imperialviolet.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.4 (released 2006-09-12)
+
+** Relax the test that caught signatures that exploit the variant of
+** Bleichenbacher's Crypto 06 rump session attack on our
+** verification logic flaw.
+In particular, we now permit the digestAlgorithm.parameters field to
+be present but empty, whereas in 1.4.3 we actually checked that the
+field was absent.
+
+** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem.
+The messages are only printed in debug mode, which is not recommended
+for normal use, and thus logging this situation cannot be abused as an
+oracle in typical recommended situations.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.3 (released 2006-09-08)
+
+** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
+** Crypto 06 rump session attack.
+In particular, we check that the digestAlgorithm.parameters field is
+empty, to avoid that it can contain "garbage" that may be used to
+alter the numeric properties of the signature. See
+<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
+not exactly the same as the problem we fix here). Reported by Yutaka
+OIWA <y.oiwa@aist.go.jp>.
+
+See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
+See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>.
+Reported by Werner Koch <wk@gnupg.org>.
+
+See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.2 (released 2006-08-12)
+
+** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
+This can happen if you call gnutls_certificate_verify_peers2 and have
+a certain mix of local CA certificates and the peer send special
+certificates, that together trigger certain behaviour. It is not
+known at this point whether the crash can be triggered without the
+special local CA certificate, and thus turn this into a remote crash
+of clients that verify server certificates when they talk to a server
+with the special server certificate. See GNUTLS-SA-2006-2 on
+https://www.gnu.org/software/gnutls/security.html for more up to date
+information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
+
+** Change SRP and Cert-Type extensions to match IANA registry.
+
+** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.
+
+** Make --without-included-libtasn1 work.
+Reported by Daniel Black <dragonheart@gentoo.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.1 (released 2006-06-14)
+
+** Replaced inactive ifdefs to enable openpgp support in test programs.
+
+** Fixed bug in OpenPGP authentication handshake.
+
+** Fixed typographical in man pages.
+
+** Build fixes of the manual.
+
+** Added Swedish translation.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.0 (released 2006-05-15)
+
+** Remove GnuTLS 0.8.x compatibility functions.
+
+** The libgcrypt RNG is initialized in gnutls_global_init().
+
+** TLS/IA API changes from Emile van Bergen.
+A dummy credential structure is not needed now, if you wish to use the
+low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on
+a session.
+
+** The self-tests are now run under valgrind, if it is installed.
+
+** Libtasn1 is updated to 0.3.4, and that version is now required.
+
+** The command line tools now use getaddrinfo and support IPv6.
+
+** API and ABI modifications:
+_gnutls_x509_get_raw_crt_activation_time,
+_gnutls_x509_get_raw_crt_expiration_time: Removed.
+gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable.
+gnutls_ia_enable: Added.
+
+* Version 1.3.5 (released 2006-03-08)
+
+** Error messages are now translated using GNU Gettext.
+
+** The function gnutls_x509_crt_to_xml now return an internal error.
+This means that the code to convert X.509 certificates to XML format
+does not work any more. The reason is that the function called
+libtasn1 internal functions. It seems unclean for libtasn1 to export
+the APIs needed here. Instead it would be better to implement XML
+support inside libtasn1 properly. If you need this functionality
+strongly, please consider looking into implementing this suggested
+approach instead. As a workaround, you may also modify lib/x509/xml.c
+(change '#if 1' to '#if 0') and build using --with-included-libtasn1.
+
+** Libraries are now built with libtool's -no-undefined.
+This helps producing libraries for Windows using mingw32.
+
+** Doc fixes to explain that gnutls_record_send can block.
+
+** Libtasn1 0.3.1 or later is now required.
+The include copy has been updated too.
+
+** gnutls-cli can now recognize services and port numbers with the -p option.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.3.4 (released 2006-02-09)
+
+** Fix read of out bounds bug in DER parser.
+Reported by Evgeny Legerov <admin@gleg.net>, and debugging help from
+Protover SSL. Libtasn1 0.2.18 is now required, which contains the
+previous bug fix. The included libtasn1 version in GnuTLS has been
+updated.
+
+** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+longer invalidate a session if the underlying send fails, but it will
+prevent future writes. That is to allow reading the already received data.
+Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
+
+** Corrected bugs in gnutls_certificate_set_x509_crl() and
+gnutls_certificate_set_x509_trust(), that caused memory corruption if
+more than one certificates were added. Report and patch by Max Kellermann.
+
+** Fix build problems of OpenCDK on AIX.
+Thanks to "Heiden, John" <JHeiden@UTNet.UToledo.Edu>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.3.3 (released 2006-01-12)
+
+** New API to access the TLS master secret.
+When possible, you should use the TLS PRF functions instead.
+Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+** Improved handling when multiple libraries use GnuTLS at the same time.
+Now gnutls_global_init() can be called multiple times, and
+gnutls_global_deinit() will only deallocate the structure when it has
+been called as many times as gnutls_global_init() was called.
+
+** Added a self test of TLS resume functionality.
+
+** Fix crash in TLS resume code, caused by TLS/IA changes.
+
+** Documentation fixes about thread unsafety, prompted by
+** discussion with bryanh@giraffe-data.com (Bryan Henderson).
+In particular, gnutls_global_init() and gnutls_global_deinit() are not
+thread safe. Careful callers may want to protect the call using a
+mutex. The problem could also be ignored, which would cause a memory
+leak under rare conditions when two threads invoke the function
+roughly at the same time.
+
+** Add 'const' keywords in various places, from Frediano ZIGLIO.
+
+** The code was indented again, including the external header files.
+
+** API and ABI modifications:
+New functions to retrieve the master secret value:
+ gnutls_session_get_master_secret
+
+Add a 'const' keyword to existing API:
+ gnutls_x509_crq_get_challenge_password
+
+* Version 1.3.2 (released 2005-12-15)
+
+** GnuTLS now support TLS Inner application (TLS/IA).
+This is per draft-funk-tls-inner-application-extension-01. This
+functionality is added to libgnutls-extra, so it is licensed under the
+GNU General Public License.
+
+** New APIs to access the TLS Pseudo-Random-Function (PRF).
+The PRF is used by some protocols building on TLS, such as EAP-PEAP
+and EAP-TTLS. One function to access the raw PRF and one to access
+the PRF seeded with the client/server random fields are provided.
+Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+** New APIs to acceess the client and server random fields in a session.
+These fields can be useful by protocols using TLS. Note that these
+fields are typically used as input to the TLS PRF, and if this is your
+intended use, you should use the TLS PRF API that use the
+client/server random field directly. Suggested by Jouni Malinen
+<jkmaline@cc.hut.fi>.
+
+** Internal type cleanups.
+The uint8, uint16, uint32 types have been replaced by uint8_t,
+uint16_t, uint32_t. Gnulib is used to guarantee the presence of
+correct types on platforms that lack them. The uint type have been
+replaced by unsigned.
+
+** API and ABI modifications:
+New functions to invoke the TLS Pseudo-Random-Function (PRF):
+ gnutls_prf
+ gnutls_prf_raw
+
+New functions to retrieve the session's client and server random values:
+ gnutls_session_get_server_random
+ gnutls_session_get_client_random
+
+New function, to perform TLS/IA handshake:
+ gnutls_ia_handshake
+
+New function to decide whether to do a TLS/IA handshake:
+ gnutls_ia_handshake_p
+
+New functions to allocate a TLS/IA credential:
+ gnutls_ia_allocate_client_credentials
+ gnutls_ia_free_client_credentials
+ gnutls_ia_allocate_server_credentials
+ gnutls_ia_free_server_credentials
+
+New functions to handle the AVP callback:
+ gnutls_ia_set_client_avp_function
+ gnutls_ia_set_client_avp_ptr
+ gnutls_ia_get_client_avp_ptr
+ gnutls_ia_set_server_avp_function
+ gnutls_ia_set_server_avp_ptr
+ gnutls_ia_get_server_avp_ptr
+
+New functions, to toggle TLS/IA application phases:
+ gnutls_ia_require_inner_phase
+
+New function to mix session keys with inner secret:
+ gnutls_ia_permute_inner_secret
+
+Low-level API (used internally by gnutls_ia_handshake):
+ gnutls_ia_endphase_send
+ gnutls_ia_send
+ gnutls_ia_recv
+
+New functions that can be used after successful TLS/IA negotiation:
+ gnutls_ia_generate_challenge
+ gnutls_ia_extract_inner_secret
+
+Enum type with TLS/IA modes:
+ gnutls_ia_mode_t
+
+Enum type with TLS/IA packet types:
+ gnutls_ia_apptype_t
+
+Enum values for TLS/IA alerts:
+ GNUTLS_A_INNER_APPLICATION_FAILURE
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION
+
+New error codes, to signal when an application phase has finished:
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED
+
+New error code to signal TLS/IA verify failure:
+ GNUTLS_E_IA_VERIFY_FAILED
+
+* Version 1.3.1 (released 2005-12-08)
+
+** Support for DHE-PSK cipher suites has been added.
+This method offers perfect forward secrecy.
+
+** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
+Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
+
+** Corrected a bug in certtool for 64 bit machines. Reported
+by Max Kellermann <max@duempel.org>.
+
+** New function to set a X.509 private key and certificate pairs, and/or
+CRLs, from an PKCS#12 file, suggested by Emile van Bergen
+<emile@e-advies.nl>.
+
+The integrity of the PKCS#12 file is protected through a password
+based MAC; public-key based signatures for integrity protection are
+not supported. PKCS#12 bags may be encrypted using password derived
+symmetric keys, public-key based encryption is not supported. The
+PKCS#8 keys may be encrypted using passwords. The API use the same
+password for all operations. We believe that any more flexibility
+create too much complexity that would hurt overall security, but may
+add more PKCS#12 related APIs if real-world experience indicate
+otherwise.
+
+** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys,
+reported by Emile van Bergen <emile@e-advies.nl>.
+This will enable "certtool -k -8" to parse those keys.
+
+** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords.
+Use "certtool -p -8" and press press enter at the prompt. Earlier,
+certtool would have encrypted the key using an empty password.
+
+** Certtool now accept --password for --key-info and encrypted PKCS#8 keys.
+Earlier it would have prompted the user for it, even if --password was
+supplied.
+
+** Added self test of PKCS#8 parsing.
+Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and
+pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in
+tests/pkcs8.
+
+** API and ABI modifications:
+New function to set X.509 credentials from a PKCS#12 file:
+ gnutls_certificate_set_x509_simple_pkcs12_file
+
+New gnutls_kx_algorithm_t enum type:
+ GNUTLS_KX_DHE_PSK
+
+New API to return session data (basically same as gnutls_session_get_data):
+ gnutls_session_get_data2
+
+New API to set PSK Diffie-Hellman parameters:
+ gnutls_psk_set_server_dh_params
+
+* Version 1.3.0 (2005-11-15)
+
+** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added.
+This add several new APIs, see below. Read the updated manual for
+more information. A new self test "pskself" has been added, that will
+test this functionality.
+
+** The session resumption data are now system independent.
+
+** The code has been re-indented to conform to the GNU coding style.
+
+** Removed the RIPEMD ciphersuites.
+
+** Added a discussion of the internals of gnutls in manual.
+
+** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin.
+
+** Remove trailing comma in enums, for IBM C v6, from Albert Chin.
+
+** Make sure config.h is included first in a few files, from Albert Chin.
+
+** Don't use C++ comments ("//") as they are invalid, from Albert Chin.
+
+** Don't install SRP programs and man pages if --disable-srp-authentication,
+from Albert Chin.
+
+** API and ABI modifications:
+New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK
+
+New gnutls_credentials_type_t credential type:
+ GNUTLS_CRD_PSK
+
+New credential types:
+ gnutls_psk_server_credentials_t
+ gnutls_psk_client_credentials_t
+
+New functions to allocate PSK credentials:
+ gnutls_psk_allocate_client_credentials
+ gnutls_psk_free_client_credentials
+ gnutls_psk_free_server_credentials
+ gnutls_psk_allocate_server_credentials
+
+New enum type for PSK key flags:
+ gnutls_psk_key_flags
+
+New function prototypes for credential callback:
+ gnutls_psk_client_credentials_function
+ gnutls_psk_server_credentials_function
+
+New function to set PSK username and key:
+ gnutls_psk_set_client_credentials
+
+New function to set PSK passwd file:
+ gnutls_psk_set_server_credentials_file
+
+New function to extract PSK user in server:
+ gnutls_psk_server_get_username
+
+New functions to set PSK callback:
+ gnutls_psk_set_server_credentials_function
+ gnutls_psk_set_client_credentials_function
+
+Use size_t instead of int for output size parameter:
+ gnutls_srp_base64_encode
+ gnutls_srp_base64_decode
+
+* Version 1.2.11 (2006-05-11)
+- The function gnutls_x509_crt_to_xml is not supported any more, and
+ return an internal error. The reason is that the function called
+ internal libtasn1 functions which are no longer exported from
+ libtasn1.
+- Updated libtasn1 requirement to 0.3.4 and refreshed internal mintiasn1.
+- Updated gnulib compatibility files.
+- Fixed _gnutls_x509_get_raw_crt_expiration_time and
+ _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on errors.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.10 (2006-02-09)
+- Fix read out bounds bug in DER parser. Reported by Evgeny Legerov
+ <admin@gleg.net>, and debugging help from Protover SSL.
+- Libtasn1 0.2.18 is now required (contains the previous bug fix).
+ The included version has been updated too.
+- Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
+ Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
+- Corrected a bug in certtool for 64 bit machines. Reported
+ by Max Kellermann <max@duempel.org>.
+- Corrected bugs in gnutls_certificate_set_x509_crl() and
+ gnutls_certificate_set_x509_trust(), that caused memory corruption if
+ more than one certificates were added. Report and patch by Max Kellermann.
+- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+ longer invalidate a session if the underlying send fails, but it will
+ prevent future writes. That is to allow reading the already received data.
+ Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
+
+* Version 1.2.9 (2005-11-07)
+- Documentation was updated and improved.
+- RSA-MD2 is now supported for verifying digital signatures.
+- Due to cryptographic advances, verifying untrusted X.509
+ certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
+ GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
+ applications that must remain interoperable, you can use the
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
+ flags when verifying certificates. Naturally, this is not
+ recommended default behaviour for applications. To enable the
+ broken algorithms, call gnutls_certificate_set_verify_flags with the
+ proper flag, to change the verification mode used by
+ gnutls_certificate_verify_peers2.
+- Make it possible to send empty data through gnutls_record_send,
+ to align with the send(2) API.
+- Some changes in the certificate receiving part of handshake to prevent
+ some possible errors with non-blocking servers.
+- Added numeric version symbols to permit simple CPP-based feature
+ tests, suggested by Daniel Stenberg <daniel@haxx.se>.
+- The (experimental) low-level crypto alternative to libgcrypt used
+ earlier (Nettle) has been replaced with crypto code from gnulib.
+ This leads to easier re-use of these components in other projects,
+ leading to more review and simpler maintenance. The new configure
+ parameter --with-builtin-crypto replace the old --with-nettle, and
+ must be used if you wish to enable this functionality. See README
+ under "Experimental" for more information. Internally, GnuTLS has
+ been updated to use the new "Generic Crypto" API in gl/gc.h. The
+ API is similar to the old crypto/gc.h, because the gnulib code were
+ based on GnuTLS's gc.h.
+- Fix compiler warning in the "anonself" self test.
+- API and ABI modifications:
+gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>.
+ This doesn't reflect a change in behaviour,
+ so we don't break backwards compatibility.
+GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
+GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
+GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
+GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values.
+ Use when calling
+ gnutls_x509_crt_list_verify,
+ gnutls_x509_crt_verify, or
+ gnutls_certificate_set_verify_flags.
+GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
+ used when broken signature algorithms
+ is used (currently RSA-MD2/MD5).
+LIBGNUTLS_VERSION_MAJOR,
+LIBGNUTLS_VERSION_MINOR,
+LIBGNUTLS_VERSION_PATCH,
+LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
+ version number, can be used for feature existence
+ tests.
+
+* Version 1.2.8 (2005-10-07)
+- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers.
+- Don't install the auxilliary libexamples library used by the
+ examples in doc/examples/ on "make install", report and tiny patch
+ from Thomas Klausner <tk@giga.or.at>.
+- If you pass a X.509 CA or PGP trust database to the command line
+ tool, it will now abort the connection if the server certificate
+ validation fails. Use the parameter --insecure to continue even
+ after certificate validation failures. Inspired from discussion
+ with Alexander Kotelnikov <sacha@myxomop.com>.
+- The test for socklen_t has been moved to gnulib.
+- Link failures for duplicate or missing "program_name" symbol has been fixed,
+ patch from Martin Lambers <marlam@marlam.de>.
+- The command line tool and the examples no longer uses mmap or bzero,
+ to make them more portable, patch from Martin Lambers
+ <marlam@marlam.de>.
+- Made the PKCS #12 API handle null passwords. Based on patch by
+ Anton Altaparmakov <aia21@cam.ac.uk>.
+- The GTK-DOC manual should build with current released tools.
+ (But a copy of the output is included, so the tools are not required.)
+- The inet_ntop function is now used through gnulib.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.7 (2005-09-09)
+- The GnuTLS and GnuTLS-extra libraries are now built with versioned symbols.
+- Certtool now complains when reading out-of-range X.509 serial
+ numbers, suggested by Fran <e_agf@yahoo.es>.
+- Certtool now uses the readline library (when available) when reading
+ X.509 serial numbers.
+- Fixed build problems in getpass on uClibc and Mingw32 platforms.
+- Fixed compile warning regarding socklen_t on Mingw32, reported by
+ Martin Lambers <marlam@marlam.de>.
+- Fixed examples in doc/examples/, suggested by Fran <e_agf@yahoo.es>.
+- Gnulib is now used for the core library, enabling future code cleanups.
+- The gnutls-cli tool now use gnutls_certificate_verify_peers2,
+ suggested by Daniel Stenberg <daniel@haxx.se>.
+- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull.
+- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros).
+- Disable zlib support if zlib.h is not present.
+- A number of internal cleanups.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.6 (2005-07-16)
+- MiniLZO updated to version 2.01 and moved to separate directory.
+- Collision between system LZO header files and MiniLZO header file
+ fixed, reported by Matthias Urlichs <smurf@smurf.noris.de>.
+- Will now test for liblzo functionality in liblzo2 too, reported by
+ Thomas Klausner <tk@giga.or.at>.
+- Minilibtasn1 is now 0.2.14 (no code changes).
+- Some code changes to avoid GTK-DOC warnings.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.5 (2005-07-03)
+- More builddir != srcdir fixes, reported by Mike Castle
+ <dalgoda@ix.netcom.com>.
+- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
+ reported by Adam Langley <alangley@gmail.com>.
+- Corrected some stuff in minilzo detection. Pointed out by
+ Sergey Lipnevich.
+- MiniLZO updated to version 2.00.
+- gnutls_x509_crt_list_import now accept a DER formatted CRL.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.4 (2005-05-28)
+- Corrected some bugs that could affect 64 bit systems.
+- Some corrections in the header files to include the prototype
+ of memmem properly (affected 64 bit systems). Report and patch
+ by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Introduced the --fix-key option to certtool, which can be used to
+ regenerate the (optional) parameters in a private key. It should
+ be used together with --key-info.
+- Corrected a bug in certificate chain verification that could lead
+ to marking a trusted chain as non trusted, if the last certificate in
+ the chain was a self signed one.
+- Gnulib portability files were updated.
+- License were updated to reflect new FSF address.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.3 (2005-04-28)
+- Corrected bug in record packet parsing that could lead
+ to a denial of service attack.
+- Corrected bug in RSA key export. Previously exported keys
+ can be fixed using certtool. Use certtool -k <infile >outfile
+- API and ABI modifications:
+ gnutls_x509_privkey_fix(): Add.
+
+* Version 1.2.2 (2005-04-25)
+- gnutls_error_to_alert() now considers
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
+- Fixed error in session resuming that could cause a crash in a session.
+- Fixed pkcs12 friendly name and local key identifier decoding.
+- Internal cleanups, removed duplicate typedef/struct definitions,
+ and made source code include external include file, to check
+ function prototypes during compile time.
+- API and ABI modifications:
+ No changes since last version. At least not intentional, but due
+ to the include header changes, there may be inadvertant changes,
+ please let us know if you find any.
+
+* Version 1.2.1 (2005-04-04)
+- gnutls_bye() will no longer fail when RDWR is used and application
+ data are available for reading.
+- Added more strict checks for the SRP parameters (g,n), when they
+ are not in the included list.
+- Added warning to certtool when MD5 is being used for digital
+ signatures.
+- Optimizations ("-O2 -finline-functions") are not enabled by default,
+ instead the standard autoconf defaults are used. Use `./configure
+ CFLAGS="-O2 -finline-functions"' to get the old optimizations.
+- Added the option --get-dh-params to certtool, in order to get the
+ parameters included in the library primes and generators.
+- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
+ allow only trusted Version 1 CAs and introduced
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
+- Nettle self tests now build properly, reported by Pierre
+ <pierre42d@9online.fr>.
+- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
+ Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- If the library has been compiled with features disabled, a warning is
+ issued during the compilation of any program.
+- API and ABI modifications:
+ gnutls_x509_crt_list_import(): Add
+ gnutls_x509_crq_get_attribute_by_oid(): Add.
+ gnutls_x509_crq_set_attribute_by_oid(): Add
+ gnutls_x509_crt_set_extension_by_oid(): Add.
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Modify semantics.
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Add, old behaviour.
+
+* Version 1.2.0 (2005-01-27)
+- Added the definitions and OIDs for the RIPEMD-160 hash algorithm.
+- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
+ gnutls_x509_crl_sign2().
+- Fixed license header in source code files.
+
+* Version 1.1.23 (2005-01-18)
+- It is now possible to generate PKCS#12 structures without private
+ keys using "certtool --to-p12", suggested by Fabian Fagerholm
+ <fabbe@paniq.net>.
+- Certtool now prints information for the RSA and DSA parameters of
+ certificates and private keys.
+- Corrected the write of CRL distribution points.
+- The certificate chain verification function now checks certificates
+ in the reverse order to minimize the spent resources.
+- Corrected several bugs found by Marcin Garski <mgarski@post.pl>
+- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn,
+ gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and
+ gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is
+ required, instead of the string length. That is, the value has been
+ incremented by 1 to account for the terminating zero. Reported by
+ Martin Lambers <marlam@web.de>.
+- Debug output shouldn't crash on platforms that doesn't handle NULL
+ printf %s values. Reported by Michael.Ringe@aachen.utimaco.de.
+- Sync included copy of libtasn1 with version 0.2.13.
+- Client X.509 authenticated connections via gnutls-cli should now work again.
+
+* Version 1.1.22 (2004-11-04)
+- Replace GNU LD version script with Libtool -export-symbols-regex,
+ from Joe Orton <joe@manyfish.co.uk>.
+- Documentation improvements.
+- Code indented using 'indent -i4 -kr'.
+- The API manual is included in Devhelp format. (Was in last release too,
+ but the NEWS entry was forgotten.)
+- The OpenSSL compatibility code now use the internal crypto interface.
+- Added simple self test of OpenSSL compatibility library.
+- Internally, libtool convenience libraries are used.
+- Cleanups to configure.ac.
+
+* Version 1.1.21 (2004-10-27)
+- Print DN of certificates with unknown characters in them, but in hexform
+ only.
+- Added second precision to the X.509 parsing and generation functions.
+- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the
+ actual OID.
+- Add parameter --la-file to libgnutls-config and libgnutls-extra-config,
+ tiny patch contributed by Joe Orton <joe@manyfish.co.uk>.
+- Add pkg-config meta files, suggested by Stéphane LOEUILLET
+ <stephane.loeuillet@tiscali.fr>.
+- Fix memory initializaion bug in gnutls_certificate_set_x509_trust,
+ tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>.
+- Add self test of PKCS#12 functionality in "certtool", based on test
+ vectors from Joe Orton <joe@manyfish.co.uk>.
+- Fix library order in libgnutls*-config --libs output, to permit
+ static linking, reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>.
+
+* Version 1.1.20 (2004-10-12)
+- Fix compile problem in gl/getpass.c on some systems.
+
+* Version 1.1.19 (2004-10-07)
+- Fix memory leak in gnutls_certificate_verify_peers and
+ gnutls_certificate_free_credentials, report and patch by Simon
+ Posnjak <simon.posnjak@cetrtapot.si>.
+- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting
+ a key and no certificate to PKCS#12.
+- Fix objdir != srcdir builds, reported by "Gerrit P. Haase"
+ <gp@familiehaase.de>.
+- Fixes faulty getpass implementation in libextra/opencdk/, reported
+ by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Uses memmem instead of strnstr in lib/.
+- Using more GNULib portability files, although not yet inside lib/.
+- Added gnutls_certificate_verify_peers to gnutls/compat.h.
+ Nikos deprecated gnutls_certificate_verify_peers in favor of
+ gnutls_certificate_verify_peers2 earlier in the 1.1 branch.
+- Improvements to the manual.
+- Add new example "ex-rfc2818" for certificate verification, from Nikos.
+- Known bug: the library require snprintf. This has not yet been
+ fixed, but will be handled via GNULib later on.
+
+* Version 1.1.18 (2004-08-24)
+- Corrected handling of certificate with dates after year 2038.
+- Corrected DER decoder which could incorrectly treat input as BER and fail.
+- Correct certtool --smime-to-p7 end of line character handling.
+- Added example client and server for anonymous authentication.
+- Added self test that tests anonymous TLS client and server.
+- Added self tests of Nettle and generic crypto layer.
+- Added API reference manual in HTML format in doc/reference/ using GTK-DOC.
+ Online version at <https://www.gnu.org/software/gnutls/reference/>.
+- Assume C89 or better; removed checks for size_t, ptrdiff_t and time_t.
+- Man pages for API functions are included.
+
+* Version 1.1.17 (2004-08-18)
+- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
+ reported by Robey Pointer <robey@danger.com>.
+- Generic crypto interface for secret key ciphers, hashes and randomness added.
+ See section "Experimental" within section "COMPILATION ISSUES" in README.
+- Removed length limit on passwords read by 'certtool'.
+- Documentation fixes.
+
+* Version 1.1.16 (2004-08-15)
+- Fix missing gnulib linker parameter when building certtool.
+- Add gnulib module 'progname', needed by module 'error'.
+- Improve building with srcdir != objdir.
+
+* Version 1.1.15 (2004-08-15)
+- Certtool has simplistic --smime-to-p7 to translate RFC 2633 messages into
+ PKCS #7 format.
+- Ported to Mac OS X / Darwin.
+- Ported to FreeBSD.
+
+* Version 1.1.14 (2004-08-09)
+- Documentation converted to Texinfo format.
+- Bug fix of test suite.
+- Configure now print build information, used by Autobuild.
+
+* Version 1.1.13 (2004-08-05)
+- Added simple self test suite.
+
+* Version 1.1.12 (2004-08-02)
+- Updated the SRP authentication to conform to the
+ latest (yet unreleased) draft. Unfortunately this breaks
+ compatibility with previous versions.
+- Changed the makefiles to be more portable.
+- SRP ciphersuites were moved to the gnutls library.
+- Added some default limits in the verification of certificate
+ chains, to avoid denial of service attacks. Also added
+ gnutls_certificate_set_verify_limits() to override them.
+ Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
+- Added gnutls_certificate_verify_peers2().
+
+* Version 1.1.11 (2004-07-16)
+- Added the '_t' suffix to all exported symbols.
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
+ <mak@greenhills.co.uk>.
+- Corrected a bug in certificate verification. Pointed out by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>
+- Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the
+ verification functions.
+- The ephemeral DH and RSA parameters are no longer stored in the
+ session resume DB.
+- Do not free the SRP (prime and generator) parameters obtained from the
+ callback if they are the static ones defined in extra.h
+- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
+
+* Version 1.1.10 (2004-06-12)
+- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
+- Corrected bug in TLS renegotiation.
+- Corrected bug in OpenPGP key loading using a callback.
+- gnutls-srpcrypt was renamed to srptool
+- Allow handshake requests by the client.
+- Automatically disable certificate types that do not have corresponding
+ certificates.
+- Added gnutls_auth_client_get_type() and gnutls_auth_server_get_type()
+- Opencdk library is being included if not found.
+- certtool can now add ip address SAN extension.
+- certtool has now support for more X.520 DN attribute types.
+- Better handling of EOF in gnutls_record_recv().
+- _gnutls_deinit() is no longer used. Sessions are not
+ automatically removed any more, on abnormal termination.
+- Corrected session resuming in SRP ciphersuites.
+- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07)
+- Added new functions to allow access to the ephemeral
+ Diffie Hellman parameters.
+- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and
+ gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates.
+- Added the functions gnutls_dh_get_group(), gnutls_dh_get_pubkey() and
+ gnutls_rsa_export_get_pubkey() to retrieve parameters of the DH or
+ RSA-EXPORT key exchange.
+- Some fixes in the session resuming code.
+- Added gnutls_openpgp_keyring_check_id().
+
+* Version 1.1.9 (2004-04-14)
+- Added support for authority key identifier and the extended key usage
+ X.509 extension fields. The certtoool was updated to support them.
+- The RC2 cipher is no more included. The one in libgcrypt is now used.
+- Added batch support to certtool. Now it can use templates.
+
+* Version 1.1.8 (2004-04-07)
+- Implemented all the tests for the SRP group parameters in
+ client side. This may lead to incompatibility with very
+ old gnutls servers.
+- Corrected bug in RSA parameters handling which could cause
+ unexpected crashes.
+- Optimized the copying of rsa_params.
+
+* Version 1.1.7 (2004-03-29)
+- Added gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH
+ parameters using a callback.
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
+ and gnutls_x509_privkey_cpy().
+- Corrected a compilation issue when opencdk was installed in a
+ non standard directory.
+- Deprecated: gnutls_srp_server_set_select_function(),
+ gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function().
+
+* Version 1.1.6 (2004-02-24)
+- Several bug fixes, by Arne Thomassen.
+- Fixed a bug where 'server name' extension was always sent.
+
+* Version 1.1.5 (2004-01-06)
+- Added the gnutls_sign_algorithm type.
+
+* Version 1.1.4 (2004-01-04)
+- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
+ If they are of highest priority then the abbreviated handshake
+ is used.
+- Removed all references of missing files.
+- Changed handshake behaviour to send the lowest TLS version
+ when an unsupported version was advertized. The current behaviour
+ is to send the maximum version we support.
+- Corrected problem printing the DC attributes in a DN.
+
+* Version 1.1.3 (2003-12-30)
+- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection
+ hack).
+
+* Version 1.1.2 (2003-12-28)
+- Added CRL verification functionality to certtool.
+- Corrected the CRL distribution point extension handling.
+
+* Version 1.1.1 (2003-12-26)
+- Added PKCS #7 support to certtool utility.
+- Added support for reading and generating CRL distribution
+ points extensions in certificates.
+- Added support for generating CRLs in the library and the
+ certtool utility.
+- Added support for the Subject Key ID PKIX extension.
+
+* Version 1.1.0 (2003-12-21)
+- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
+ are no longer returned by the handshake function. Ciphersuites that
+ require temporary parameters are removed when such parameters do not exist.
+- Added the callbacks gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function(), to allow a client or a server
+ to specify certificates for the handshake without storing them to the
+ credentials structure.
+- Added support for generating and exporting DSA private keys.
+- Added gnutls_x509_crt_set_key_usage() and certtool can now set the
+ certificate's key usage.
+- Added gnutls_openpgp_key_get_key_usage().
+
+* Version 1.0.25 (2005-04-27)
+- Corrected bug in record packet parsing that could lead
+ to a denial of service attack.
+- Corrected bug in RSA key export.
+
+* Version 1.0.24 (2005-01-18)
+- Corrected several bugs found by Marcin Garski <mgarski@post.pl>
+
+* Version 1.0.23 (2004-11-13)
+- Replace GNU LD version script with Libtool -export-symbols-regex,
+ from Joe Orton <joe@manyfish.co.uk>.
+- Copy libtasn1 has been updated to version 0.2.11.
+- Corrected the write of CRL distribution points.
+- It is now possible to generate PKCS#12 structures without private
+ keys using "certtool --to-p12", suggested by Fabian Fagerholm
+ <fabbe@paniq.net>.
+
+* Version 1.0.22 (2004-10-28)
+- Print DN of certificates with unknown characters in them, but in hexform
+ only.
+- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the
+ actual OID.
+- Added second precision to the X.509 parsing functions.
+- Add parameter --la-file to libgnutls-config and libgnutls-extra-config,
+ tiny patch contributed by Joe Orton <joe@manyfish.co.uk>.
+- Add pkg-config meta files, suggested by Stéphane LOEUILLET
+ <stephane.loeuillet@tiscali.fr>.
+- Fix memory initializaion bug in gnutls_certificate_set_x509_trust,
+ tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>.
+- Fix certtool --password for PKCS #12, back ported from 1.1.x branch.
+- Fix library order in libgnutls*-config --libs output, to permit
+ static linking, reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>.
+
+* Version 1.0.21 (2004-10-07)
+- Fix memory leak in gnutls_certificate_verify_peers and
+ gnutls_certificate_free_credentials, report and patch by Simon
+ Posnjak <simon.posnjak@cetrtapot.si>.
+- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting
+ a key and no certificate to PKCS#12.
+- Fix objdir != srcdir builds, reported by "Gerrit P. Haase"
+ <gp@familiehaase.de>.
+- Avoid redefining getpass if system already has it, reported by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Add new example "ex-rfc2818" for certificate verification, from Nikos.
+- Known bug: the library require snprintf.
+
+* Version 1.0.20 (2004-08-18)
+- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
+ reported by Robey Pointer <robey@danger.com>.
+
+* Version 1.0.19 (2004-08-09)
+- Bug fix of test suite.
+
+* Version 1.0.18 (2004-08-05)
+- Added simple self test suite.
+
+* Version 1.0.17 (2004-08-02)
+- Updated the SRP authentication to conform to the
+ latest (yet unreleased) draft. Unfortunately this breaks
+ compatibility with previous versions.
+- Changed the makefiles to be more portable.
+- Added some default limits in the verification of certificate
+ chains, to avoid denial of service attacks. Also added
+ gnutls_certificate_set_verify_limits() to override them.
+ Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
+- Added gnutls_certificate_verify_peers2().
+
+* Version 1.0.16 (2004-07-10)
+- Do not free the SRP (prime and generator) parameters obtained from the
+ callback if they are the static ones defined in extra.h.
+- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
+- Some fixes in the makefiles.
+
+* Version 1.0.15 (2004-06-29)
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
+ <mak@greenhills.co.uk>.
+- Corrected a bug in certificate verification. Pointed out by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>.
+
+* Version 1.0.14 (2004-06-12)
+- Automatically disable certificate types that do not have corresponding
+ certificates.
+- Updates in the documentation.
+- certtool can now add ip address SAN extension.
+- certtool has now support for more X.520 DN attribute types.
+- Opencdk library is being included if not found.
+- Added gnutls_openpgp_keyring_check_id().
+- Corrected a serious bug in the included libtasn1 library.
+- Corrected session resuming in SRP ciphersuites.
+- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07)
+- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and
+ gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates.
+- Some fixes in the session resuming code.
+
+* Version 1.0.13 (2004-04-29)
+- Some complilation fixes.
+- Added the --xml parameter to the certtool utility.
+
+* Version 1.0.12 (2004-04-23)
+- Corrected bug in OpenPGP key loading using a callback.
+- Renamed gnutls-srpcrypt to srptool
+- Allow handshake requests by the client.
+* Things backported from the development branch:
+- Added support for authority key identifier and the extended key usage
+ X.509 extension fields. The certtoool was updated to support them.
+- Added batch support to certtool. Now it can use templates.
+- The RC2 cipher is no more included. The one in libgcrypt is now used.
+
+* Version 1.0.11 (2004-04-17)
+- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
+- Corrected bug in TLS renegotiation.
+
+* Version 1.0.10 (2004-04-03)
+- Corrected bug in RSA parameters handling which could cause
+ unexpected crashes.
+- Corrected bug in SSL 3.0 authentication.
+
+* Version 1.0.9 (2004-03-29)
+- Added gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH
+ parameters using a callback.
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
+ and gnutls_x509_privkey_cpy().
+- Corrected a compilation issue when opencdk was installed in a
+ non standard directory.
+- Documented the changes need in multi-threaded application due
+ to the new libgcrypt.
+
+* Version 1.0.8 (2004-02-28)
+- Corrected bug in mutual certificate authentication in SSL 3.0.
+
+* Version 1.0.7 (2004-02-25)
+- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection
+ hack).
+- Some updates in the documentation.
+
+* Version 1.0.6 (2004-02-12)
+* Backported things from the development branch (while maintaining
+ backwards compatibility):
+- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
+ If they are of highest priority then the abbreviated handshake
+ is used.
+- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
+ are no longer returned by the handshake function. Ciphersuites that
+ require temporary parameters are removed when such parameters do not exist.
+- Added the callbacks gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function(), to allow a client or a server
+ to specify certificates for the handshake without storing them to the
+ credentials structure.
+- Added support for generating and exporting DSA private keys.
+
+* Version 1.0.5 (2004-02-11)
+- Fixed a bug where 'server name' extension was always sent.
+* Backported things from the development branch:
+- Added CRL verification functionality to certtool.
+- Corrected the CRL distribution point extension handling.
+- Added PKCS #7 support to certtool utility.
+- Added support for reading and generating CRL distribution
+ points extensions in certificates.
+- Added support for generating CRLs in the library and the
+ certtool utility.
+- Added support for the Subject Key ID PKIX extension.
+- Added the gnutls_sign_algorithm type.
+
+* Version 1.0.4 (2004-01-04)
+- Changed handshake behaviour to send the lowest TLS version
+ when an unsupported version was advertized. The current behaviour
+ is to send the maximum version we support.
+- certtool no longer asks the password in unencrypted private
+ keys.
+- The source is now compiled to use the reentrant libc functions.
+
+* Version 1.0.3 (2003-12-21)
+- Corrected bug in gnutls_bye() which made it return an error code
+ of INVALID_REQUEST instead of success.
+- Corrected a bug in the GNUTLS_KEY key usage definitions.
+
+* Version 1.0.2 (2003-12-18)
+- Corrected a bug in the RSA key generation. This was
+ generating unusable RSA keys.
+
+* Version 1.0.1 (2003-12-10)
+- Some minor fixes in the makefiles. They now include CFLAGS
+ from libgcrypt or opencdk if installed in a non standard directory.
+- Fixed the SRP detection test in gnutls-cli-debug.
+- Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1().
+
+* Version 1.0.0 (2003-12-04)
+- Exported the static SRP group parameters.
+- Some fixes in the certificate authenticated SRP ciphersuites.
+- Improved the support for draft-ietf-tls-srp-05. The two-phase
+ handshake is now fully supported without any interaction with
+ the application layer (except for a callback).
+
+* Version 0.9.99 (2003-11-28)
+- Some fixes in the gnutls.h header for the gnutls_server_name_set()
+ and gnutls_server_name_get() prototypes.
+- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
+ and gnutls_x509_crt_verify_data().
+- Some fixes in the openpgp authentication.
+- Removed the Twofish cipher.
+
+* Version 0.9.98 (2003-11-16)
+- The openssl compatibility layer was moved to gnutls-openssl
+ library instead of being included in the gnutls-extra library.
+- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.
+- Building with openpgp support is now mandatory.
+- gnutls4 compatibility header is no longer included by default in
+ gnutls.h.
+- gnutls8 function usage yelds a deprecation warning in gcc3.
+- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid()
+ functions have a raw_flag parameter added.
+- Added gnutls_x509_*_get_dn_oid() and gnutls_x509_crt_get_extension_oid()
+ functions which return the available OIDs.
+
+* Version 0.9.97 (2003-11-11)
+- The certtool utility can now generate PKCS #12 structures
+ without specifying a certificate.
+- Added capability to read CRLs to certtool.
+- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER
+ to properly set the required buffer size.
+- Corrected a bug in libgcrypt detection.
+
+* Version 0.9.96 (2003-11-09)
+- Some changes to allow compilation with mingw32.
+- Several code cleanups.
+
+* Version 0.9.95 (2003-11-02)
+- Improved the verification functions. Added new verification
+ output flags and removed the unused and redundant ones.
+- Improved the OpenPGP key support.
+- The prime utility was removed, and its functionality was moved
+ to certtool.
+
+* Version 0.9.94 (2003-10-30)
+- Added manpages for the included programs.
+- Documented and improved the certtool utility.
+- Added PKCS #12 support to certtool utility.
+
+* Version 0.9.93 (2003-10-26)
+- Corrected some compilation issues.
+- Improved the certtool command line utility.
+
+* Version 0.9.92 (2003-10-25)
+- The RFC2818 hostname verification is now case insensitive.
+- Added support for generating X.509 certificates.
+- Added the certtool, a tool for generating X.509 certificates
+
+* Version 0.9.91 (2003-10-17)
+- Fixed a compilation issue in the openpgp authentication part.
+
+* Version 0.9.90 (2003-10-08)
+- Updated the openpgp key API (depends on the unreleased new
+ opencdk).
+
+* Version 0.9.8 (2003-10-02)
+- Updated the SRP implementation to follow the latest draft
+ (draft-ietf-tls-srp-05).
+- Improved the gnutls-cli behaviour in error handling,
+ and added a check for the peer's hostname.
+- Use versioned symbols in the library (where available).
+- RIJNDAEL ciphersuites were renamed to AES.
+
+* Version 0.9.7 (2003-08-25)
+- The tex files are now included in the distribution.
+- The library can now decrypt PKCS #12 files encrypted with
+ the RC2-40 cipher.
+- The missing rfc2818_hostname object is now included.
+- Several corrections and bug fixes in the library by
+ Arne Thomassen <arne@arne-thomassen.de>.
+- CR is now allowed in the base64 decoder.
+
+* Version 0.9.6 (2003-06-28)
+- Added gnutls_x509_privkey_get_key_id() and gnutls_x509_crt_get_key_id()
+ functions which return a unique (per public key) ID. These can
+ be used to check if the private key corresponds to a given certificate.
+- Corrections in the TLS layer openpgp certificate packet parser.
+- Corrected a bug in the record layer buffering, which affected
+ the case where external pull function was used. Report and patch
+ by Sergey Poznyakoff <gray@Mirddin.farlep.net>.
+- Corrected a bug in gnutls-srpcrypt where a non allocated variable
+ was freed.
+- SRP programs are now built by default.
+- Added API to read and write to PKCS #12 structures. Prototypes
+ in gnutls/pkcs12.h.
+- The gnutls_transport_ptr type was changed to a pointer type (void*).
+
+* Version 0.9.5 (2003-04-06)
+- Several improvements in the PKCS #7 handling
+- Eliminated several hard coded constants in MPI parameters.
+
+* Version 0.9.4 (2003-03-28)
+- Corrected a parsing error in the Certificate request message.
+- Corrected behaviour when a certificate request message is received.
+ Now a certificate packet is always sent, and in SSL 3.0 cipher suites
+ a no_certificate alert is sent instead.
+- Added functionality to generate PKCS #7 structures (with certificates).
+
+* Version 0.9.3 (2003-03-24)
+- Support for MD2 was dropped.
+- Improved the error logging functions, by adding a level, and
+ by allowing debugging messages just by increasing the level.
+- The diffie Hellman ciphersuites are now of higher priority than
+ the plain RSA.
+- The RSA premaster secret version check can no longer be disabled.
+- Implemented the counter measure discussed in the paper "Attacking
+ RSA-based Sessions in SSL/TLS", against the attack described in the
+ same paper.
+- Added the functions: gnutls_handshake_get_last_in(),
+ gnutls_handshake_get_last_out().
+- The gnutls_certificate_set_rsa_params() was renamed to
+ gnutls_certificate_set_rsa_export_params().
+- Added the new functions: gnutls_certificate_set_x509_key()
+ gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(),
+ gnutls_x509_crt_export(), gnutls_x509_crl_export().
+- Added support for encoding and decoding PKCS #8 2.0 encrypted
+ RSA private keys.
+
+* Version 0.9.2 (2003-03-15)
+- Some corrections in the memory mapping code (file is unmapped after
+ it is read).
+- Added support for PKCS#10 certificate requests generation.
+
+* Version 0.9.1 (2003-03-12)
+- Corrected a bug in 64 bit architectures, which affected the
+ serial number calculation in the record layer.
+- Added gnutls_certificate_free_keys() which deletes all the
+ private keys and certificates from the credentials structure.
+- Corrected a broken buffer check in _gnutls_io_read_buffered(),
+ which caused some unexpected packet length errors. Report and patch
+ by Ian Peters <itp@ximian.com>.
+- Added ability to generate RSA keys.
+- Increased the maximum parameter size in order to read some large keys
+ by some CAs. Patch by Ian Peters <itp@ximian.com>.
+- Added an strnstr() function and the requirement in some functions to
+ use null terminated PEM structures is no more.
+- Use mmap() if available to read files.
+- Fixed a memory leak in SRP code reported by Rupert Kittinger
+ <r.kittinger@efkon.com>.
+
+* Version 0.9.0 (2003-03-03)
+- This version is not binary compatible with the previous ones.
+- The library notifies the application on empty and illegal SRP usernames,
+ so that proper notification (via an alert) is sent to the peer.
+- Added ability to send some messages back to the application using
+ the gnutls_global_set_log_function().
+- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use
+ gnutls_malloc() to allocate the output parameters.
+- Added support for MD2 algorithm in certificate signature verification.
+- The RSA and DH parameter generation interface was changed. Added
+ ability to import and export from and to PKCS3 structures. This
+ was needed to read parameters generated using the openssl dhparam tool.
+- Several changes in the temporary (DH/RSA) parameter codebase. No DH
+ parameters are now included in the library. Also the credentials structure
+ can now hold only one temporary parameter of a kind.
+- Added a new Certificate, CRL, Private key and PKCS7 structures handling
+ API, defined in gnutls/x509.h
+- Added gnutls_certificate_set_verify_flags() function to allow setting the
+ verification flags in the credentials structure. They will be used in the
+ *verify_peers functions.
+- Added protection against the new TLS 1.0 record layer timing attack.
+- Added support for Certificate revocation lists. Functions defined
+ in gnutls/x509.h
+- The only functions that were removed are:
+ gnutls_x509_certificate_to_xml()
+ gnutls_x509_extract_dn_string()
+- Ported to libtasn1 0.2.x
+
+* Version 0.8.1 (2003-01-22)
+- Improved the SRP support, to prevent attackers guessing the
+ available usernames by brute force.
+- Improved the SRP detection in gnutls-cli-debug
+- Some fixes which now allow compilation.
+
+* Version 0.8.0 (2003-01-20)
+- Added gnutls_x509_extract_dn_string() which returns a
+ distinguished name in a single string.
+- Added gnutls_openpgp_extract_key_name_string() which returns
+ an openpgp user ID in a single string.
+- Added gnutls_x509_extract_certificate_ca_status() which returns
+ the CA status of the given certificate.
+- Added SRP-6 support. Follows draft-ietf-tls-srp-04.
+- If libtasn1 is not present in the system, it is included in
+ the main gnutls library.
+- If liblzo is present in the system, then the included minilzo
+ will not be used, and libgnutls-extra will depend on liblzo.
+- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR,
+ and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
+ replaced by GNUTLS_E_BASE64_DECODING_ERROR.
+
+* Version 0.6.0 (2002-12-08)
+- Added "gnutls/compat4.h" header. This is included in gnutls.h
+ to emulate the old 0.4.x API.
+- Example programs are now stored in doc/examples/
+- Several improvements and updates in the documentation.
+- Added the certificate authenticated SRP cipher suites.
+- gnutls_x509_extract_certificate_dn_string() was updated to return
+ an RFC2253 conforming string.
+- Added the SRP related functions:
+ gnutls_srp_verifier()
+ gnutls_srp_base64_encode()
+ gnutls_srp_base64_decode()
+- Added the function gnutls_srp_set_server_credentials_function()
+ to allow retrieving SRP parameters from an external backend - other
+ than password files.
+- Added the function gnutls_openpgp_set_recv_key_function()
+ which can be used to set a callback, to get OpenPGP keys.
+- Exported the functions:
+ gnutls_malloc()
+ gnutls_free()
+ which should be used by callback functions.
+- Changed the semantics of gnutls_pem_base64_encode_alloc()
+ and gnutls_pem_base64_decode_alloc(). In the default case
+ were the gnutls library is used with malloc/realloc/free,
+ these are binary compatible.
+
+* Version 0.5.11 (2002-11-05)
+- Some fixes in 'gnutls-cli' client program to prevent some segmentation
+ faults at exit.
+- Example programs found in the documentation can now be generated by
+ running "make examples" in doc/tex directory.
+- Added more descriptive error strings, to gnutls_strerror().
+- Documented error codes, and the function reference list is now sorted.
+- Optimized buffering code.
+- gnutls_x509_extract_certificate_dn_string() was rewritten.
+- Added GNUTLS_E_SHORT_MEMORY_BUFFER error code, which is returned in the
+ case where the memory buffer provided is not long enough.
+- Depends on the new OpenCDK 0.3.2.
+
+* Version 0.5.10 (2002-10-13)
+- Updated documentation.
+- Added server name extension. This allows clients to specify the
+ name of the server they connect to. Useful to HTTPS.
+- Several corrections in the code base, mostly in signed/unsigned,
+ checkings.
+
+* Version 0.5.9 (2002-10-10)
+- Corrected some code which worked fine in gcc 3.2, but not with any
+ other compiler.
+- Updated 'gnutls-cli' with the '--starttls' option, to allow testing
+ starttls implementations.
+- Added gnutls_x509_extract_key_pk_algorithm() function which extracts
+ the private key type, of a DER encoded key.
+- Added gnutls_x509_extract_certificate_dn_string() which returns the
+ certificate's distinguished name in a single string.
+- Added gnutls_set_default_priority() and gnutls_set_default_export_priority()
+ functions, to avoid calling all the *_priority() functions if the defaults
+ are acceptable.
+- Added int gnutls_x509_check_certificates_hostname() which check whether
+ the given hostname matches the owner of the given X.509 certificate.
+
+* Version 0.5.8 (2002-09-25)
+- Updated documentation.
+- Added gnutls_record_get_direction() which replaces the obsolete
+ gnutls_handshake_get_direction().
+- Added function to convert error codes to alert descriptions
+- Added LZO compression
+
+* Version 0.5.7 (2002-09-11)
+- Some fixes in the memory allocation functions (realloc).
+- Improved the string functions used in XML certificate generation.
+- Removed dependency on libgdbm.
+- Corrected bug in gnutls_dh_params_set() which affected
+ gnutls_dh_params_deinit().
+- Corrected bug in session resuming code in server side.
+
+* Version 0.5.6 (2002-09-06)
+- Corrected bugs in SRP implementation, which prevented gnutls
+ to interoperate with other implementations. (interoperability testing
+ was done by David Taylor)
+- Corrected bug in cert_type extension.
+- Corrected extension type checks which used an 8 bit extension size,
+ instead of 16 bits.
+- Added versioning in the XML output of certificate functions.
+- Removed the X.509 test suite.
+
+* Version 0.5.5 (2002-09-03)
+- Updated the SRP implementation to the latest draft. The blowfish
+ crypt implementation was removed, since the new draft does not allow
+ other hash algorithms except for the srpsha.
+- Renamed all the constructed types in order to have more consistent
+ names.
+- Improved the certificate and key read functions. Now they can read
+ the certificate and the private key from the same file.
+- Updated and corrected documentation.
+
+* Version 0.5.4 (2002-08-27)
+- Fixes in TLS 1.0 PRF and SSL3 random functions.
+- gnutls_handshake_set_exportable_detection() was obsoleted.
+- Added gnutls_openpgp_extract_key_id() which returns the key ID.
+- Corrected bug in DHE key exchange
+- Added support for temporary RSA keys which are needed for the
+ export cipher suites.
+- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite.
+
+* Version 0.5.3 (2002-08-23)
+- No changes. Replaces the tarball of 0.5.2 which accidentally contained
+ code from the unstable branch.
+
+* Version 0.5.2 (2002-08-22)
+- Added an error code that is returned in clients which connect
+ to export only servers. This must be enabled using the
+ gnutls_handshake_set_exportable_detection() function.
+- Updated openssl compatibility layer.
+- Added gnutls_handshake_get_direction() function which returns
+ the state of the handshake when interrupted.
+
+* Version 0.5.1 (2002-07-17)
+- Corrected the m4 macros which used <gnutls.h> instead of
+ <gnutls/gnutls.h>
+- Documentation fixes
+- Added gnutls_transport_set_ptr2() function, which accepts two
+ different pointers, to be used while receiving, and
+ while sending data.
+- Semantic changes in gnutls_record_set_max_size(). The requested
+ size is now immediately enforced at the output buffers.
+- gnutls_global_init_extra() now fails if the library versions do
+ not match.
+- Fixes in client and server example programs. Null encryption can
+ be used in these programs, to assist in debuging.
+- Fixes in zlib compression code.
+
+* Version 0.5.0 (2002-07-06)
+- Added X.509 certificate tests in tests/ directory
+- Removed stubs for SRP and Anonymous authentication. They served
+ no purpose since they are always included, unless it was requested
+ not to do so.
+- Added gnutls_handshake_set_private_extensions() function. This
+ function can be used to enable private (gnutls specific) cipher suites
+ and compression algorithms.
+- Added check for C99 macro support by the compiler.
+- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2()
+- Added the new libtasn1 library.
+- Removed the gdbm backend. Applications are now responsible for the
+ session resuming backend. The gnutls-serv application contains an
+ simple example on how to use gdbm for resuming.
+- Headers for the gnutls library are now installed in $(includedir)/gnutls
+- Added an OpenSSL compatible interface (with some limitations).
+- Added functions to convert DER encoded certificates to XML format.
+
+* Version 0.4.4 (2002-06-24)
+- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt
+ using keys of some specific size.
+
+* Version 0.4.3 (2002-05-23)
+- The gnutls-extra library now compiles fine, if the opencdk library is
+ not present.
+- Several bug fixes.
+- Added gnutls_global_set_mem_func() function, to set the memory allocation
+ functions, if other than the defaults are to be used.
+- The default memory allocation functions are now the ones in libc.
+
+* Version 0.4.2 (2002-05-21)
+- Separated ASN.1 structures parser documentation and TLS library
+ documentation.
+- Added gnutls_handshake_set_rsa_pms() function, which disables the
+ version check in RSA premaster secret.
+- Added gnutls_session_is_resumed() function, which reports if a session
+ is a resumed one.
+- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to
+ assist in callback functions.
+- Replaced the included 1024 bit prime for Diffie Hellman, with a new
+ random one.
+- Relicensed the library under the GNU Lesser General Public License
+- Added gnutls-extra library which contains the GPL covered code of gnutls.
+
+* Version 0.4.1 (2002-04-07)
+- Now uses alloca() for temporary variables
+- Optimized RSA signing
+- Added functions to return the peer's certificate activation and
+ expiration time.
+- Corrected time function's behaviour (the time value returned no longer
+ relate to local timezone).
+
+* Version 0.4.0 (2002-04-01)
+- Added support for RFC2630 (PKCS7) X.509 certificate sets
+- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(),
+ gnutls_openpgp_extract_key_pk_algorithm().
+- Several optimizations in the Handshake protocol
+- Several optimizations in RSA algorithm
+- Unified the return values because of small buffers.
+
+* Version 0.3.92 (2002-03-23)
+- Updated documentation
+- Combined error codes of ASN.1 parser and gnutls
+- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration
+- Added protection against CBC chosen plaintext attack (disabled by default)
+- Improved and optimized compression support
+
+* Version 0.3.91 (2002-03-03)
+- Added gnutls-cli-debug program
+- Corrections in session resumption
+- Rehandshake can now handle negotiation of different authentication
+ type.
+- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are
+ now being installed.
+
+* Version 0.3.90 (2002-02-24)
+- Handshake messages are not kept in memory any more. Now we use
+ less memory during a handshake
+- Added support for certificates with DSA parameters
+- Added DHE_DSS cipher suites
+- Key exchange methods changed so they do not depend on the
+ certificate type. Added certificate type negotiation TLS extension.
+- Added openpgp key support (EXPERIMENTAL)
+- Improved Diffie Hellman key exchange support.
+- Bug fixes in the RSA key exchange.
+- Added check for the requested TLS extensions
+- TLS extensions now use a 16 bit type field.
+- Added a minimal string library to assist in ASN.1 parsing
+- Changes in ASN.1 parser to work with the new bison
+- Added gnutls_x509_extract_subject_alt_name(), which deprecates
+ gnutls_x509_extract_subject_dns_name()
+- gnutls_x509_set_trust_(file/mem) can now be called multiple times
+- gnutls_srp_server_set_cred_file() can now be called multiple times
+
+* Version 0.3.5 (2002-01-25)
+- Corrected the RSA key exchange method, to avoid attacks against
+ PKCS-1 formating.
+
+* Version 0.3.4 (2002-01-20)
+- Corrected bugs in DHE_RSA key exchange method
+
+* Version 0.3.3 (2002-01-19)
+- Added gnutls_x509pki_verify_certificate()
+- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem()
+- Bug fixes in srpcrypt (based on patch by Marc Huber)
+- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin)
+- Corrected library versioning
+
+* Version 0.3.2 (2002-01-05)
+- Corrected bug which did not allow a client to accept multiple CA names
+- Added gnutls_fingerprint()
+- Added gnutls_x509pki_extract_certificate_serial()
+- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt()
+- Corrected behaviour in version advertizing
+- Updated documentation
+- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions
+
+* Version 0.3.1 (2001-12-21)
+- Corrections in the configuration files
+- Fixes a bug in anonymous authentication
+
+* Version 0.3.0 (2001-12-17)
+- Corrected bug in new integer formatting (now we use the old format again)
+- Several corrections and usual cleanups
+
+* Version 0.2.91 (2001-12-10)
+- Fixes in MPI handling (fixes possible bug with signed integers)
+- Removed name indication extension
+- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr()
+- Optimizations in server certificate callback.
+- Fixes in anonymous authentication
+- Corrections in client ciphersuite selection
+
+* Version 0.2.90 (2001-12-07)
+- gnutls_handshake(), gnutls_read() etc. functions no longer require
+ the 'SOCKET cd' argument. This argument is set using the function
+ gnutls_set_transport_ptr().
+- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns
+ a list containing peer's certificate and issuers DER encoded.
+- Updated X.509 certificate handling API
+- Added callback to select the server certificate
+- More consistent function naming (changes in several function names)
+- Buffer overflow checking in ASN.1 structures parser
+- Updated documentation
+
+* Version 0.2.11 (2001-11-16)
+- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
+ is returned, then the caller should perform a handshake or send
+ an alert to the peer.
+- Made receive buffer dynamic. Normally if no large chunks are received
+ it occupies less space.
+- Added max_record_size extension
+- Bugfixes in session handling
+- Improved non blocking IO support in the Handshake Protocol
+- Usual bugfixes and cleanups
+- Documentation updated (includes ASN.1 documentation)
+
+* Version 0.2.10 (2001-11-05)
+- Corrected bugs and improved non blocking IO
+- Added hooks to use external database to store sessions
+- Usual cleanups
+
+* Version 0.2.9 (2001-10-27)
+- AUTH_INFO types and structures were moved to library internals
+- AUTH_FAILED is no longer returned in SRP authentication
+ (any fatal error in SRP means auth failed)
+- Introduced GNUTLS_E_INTERRUPTED
+- Added support for non blocking IO
+- gnutls_recv() and gnutls_send() are now obsolete
+- Changed semantics of gnutls_rehandshake()
+
+* Version 0.2.4 (2001-10-12)
+- Better handling of X.509 certificate extensions
+- Added DHE_RSA ciphersuites
+- Updated the Name Indication (dnsname) extension
+- Improvements in Diffie Hellman primes handling
+
+* Version 0.2.3 (2001-09-19)
+- Memory optimizations in gnutls_recv()
+- Fixed several memory leaks
+- Added ability to specify callback for x509 client certificate selection
+- Better documentation
+
+* Version 0.2.2 (2001-08-21)
+- Several bugfixes (library and documentation)
+
+* Version 0.2.1 (2001-08-07)
+- SRP fixes
+
+* Version 0.2.0 (2001-08-07)
+- Partial support for X.509v3 Certificate extensions.
+- Added Internal memory handlers
+- Removed gnutls_x509_set_cn()
+- Added X.509 client authentication
+- Several bug fixes and protocol fixes
+
+* Version 0.1.9 (2001-07-30)
+- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate)
+- SRP is updated to conform to the newest draft.
+- Added support for DNSNAME extension.
+- Reentracy fixes in ASN.1 Parsing.
+- Optimizations in hash/hmac functions
+- (Error) message handling has changed
+- Better Protocol Version handling
+- Added X.509 Certificate Verification
+- gnutls_read() semantics are now closer to read(2) - added EOF
+- Documented some part of gnutls in doc/tex/ using Latex
+
+* Version 0.1.4 (2001-06-22)
+- Corrected (srp) base64 encoding.
+- Changed bcrypt algorithm to include username.
+- Added RSA Ciphersuites (no certificate checking).
+- Fixes in SSL 2.0 client hello parsing.
+- Added ASN.1 and DER parsers.
+- Bugfixes in session resuming
+- Updated Ciphersuite selection algorithm
+- Added internal representation of X.509 structures.
+- Added global state
+
+* Version 0.1.3 (2001-06-01)
+- Updated API (and the way it is documented - we use inline documentation)
+- Added function to access alert messages.
+- Added support for renegotiating parameters.
+- Better and Faster Resume Database handling.
+- Several bugfixes
+
+* Version 0.1.2 (2001-05-14)
+- Updated API
+- Fixes in extension handling
+
+* Version 0.1.1 (2001-05-13)
+- Added compatibility with Stanford's libsrp library
+
+* Version 0.1.0 (2001-05-09)
+- Added SSL 2.0 client hello support
+- GNUTLS is a gnu library
+- Added support for TLS extensions.
+- Added support for SRP
+
+* Version 0.0.7 (2001-01-11)
+- Added server side session resuming (using gdbm)
+- Added twofish algorithm
+
+* Version 0.0.6 (2000-12-20)
+- Added client side session resuming
+- Better documentation (check doc/API)
+- Better socket handling (gnutls can be used with select())
+- Some primitive support for non blocking IO and socket options has been added.
+
+* Version 0.0.5 (2000-12-07)
+- Added Compression (using ZLIB)
+- Added SSL 3.0 support
+
+----------------------------------------------------------------------
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.