From 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 09:33:12 +0200
Subject: Adding upstream version 3.7.9.

Signed-off-by: Daniel Baumann
---
 NEWS | 10247 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 10247 insertions(+)
 create mode 100644 NEWS

diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..9be7ab4
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,10247 @@ +GnuTLS NEWS -- History of user-visible changes. -*- outline -*- +Bug numbers referenced in this log correspond to bug numbers at our issue tracker, +available at https://gitlab.com/gnutls/gnutls/issues +Copyright (C) 2000-2016 Free Software Foundation, Inc. +Copyright (C) 2013-2019 Nikos Mavrogiannopoulos +See the end for copying conditions. + +* Version 3.7.9 (released 2023-02-09) + +** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. + Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. + [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] + +** API and ABI modifications: +No changes since last version. + +* Version 3.7.8 (released 2022-09-27) + +** libgnutls: In FIPS140 mode, RSA signature verification is an approved + operation if the key has modulus with known sizes (1024, 1280, + 1536, and 1792 bits), in addition to any modulus sizes larger than + 2048 bits, according to SP800-131A rev2. + +** libgnutls: gnutls_session_channel_binding performs additional checks when + GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the + "tls-exporter" channel binding is only usable when the handshake is + bound to a unique master secret (i.e., either TLS 1.3 or extended + master secret extension is negotiated). Otherwise the function now + returns error. + +** libgnutls: usage of the following functions, which are designed to + loosen restrictions imposed by allowlisting mode of configuration, + has been additionally restricted. Invoking them is now only allowed + if system-wide TLS priority string has not been initialized yet: +gnutls_digest_set_secure +gnutls_sign_set_secure +gnutls_sign_set_secure_for_certs +gnutls_protocol_set_enabled + +** API and ABI modifications: +No changes since last version. + +* Version 3.7.7 (released 2022-07-28) + +** libgnutls: Fixed double free during verification of pkcs7 signatures. + Reported by Jaak Ristioja (#1383). 
[GNUTLS-SA-2022-07-07, CVSS: medium] + [CVE-2022-2509] + +** libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument less than or + equal to 255 times hash digest size, to comply with RFC 5869 2.3. + +** libgnutls: Length limit for TLS PSK usernames has been increased + from 128 to 65535 characters (#1323). + +** libgnutls: AES-GCM encryption function now limits plaintext + length to 2^39-256 bits, according to SP800-38D 5.2.1.1. + +** libgnutls: New block cipher functions have been added to transparently + handle padding. gnutls_cipher_encrypt3 and gnutls_cipher_decrypt3 can be + used in combination of GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically + add/remove padding if the length of the original plaintext is not a multiple + of the block size. + +** libgnutls: New function for manual FIPS self-testing. + +** API and ABI modifications: +gnutls_fips140_run_self_tests: New function +gnutls_cipher_encrypt3: New function +gnutls_cipher_decrypt3: New function +gnutls_cipher_padding_flags_t: New enum + +** guile: Guile 1.8 is no longer supported + +** guile: Session record port treats premature termination as EOF + Previously, a ‘gnutls-error’ exception with the + ‘error/premature-termination’ value would be thrown while reading from a + session record port when the underlying session was terminated + prematurely. This was inconvenient since users of the port may not be + prepared to handle such an exception. + Reading from the session record port now returns the end-of-file object + instead of throwing an exception, just like it would for a proper + session termination. + +** guile: Session record ports can have a ‘close’ procedure. + The ‘session-record-port’ procedure now takes an optional second + parameter, and a new ‘set-session-record-port-close!’ procedure is + provided to specify a ‘close’ procedure for a session record port. 
+ This ‘close’ procedure lets users specify cleanup operations for when + the port is closed, such as closing the file descriptor or port that + backs the underlying session. + +* Version 3.7.6 (released 2022-05-27) + +** libgnutls: Fixed invalid write when gnutls_realloc_zero() + is called with new_size < old_size. This bug caused heap + corruption when gnutls_realloc_zero() has been set as gmp + reallocfunc (!1592, #1367, #1368, #1369). + +** API and ABI modifications: +No changes since last version. + +* Version 3.7.5 (released 2022-05-15) + +** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority + modifier have been added to disable session ticket usage in TLS 1.2 because + it does not provide forward secrecy (#477). On the other hand, since session + tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now + only disables session tickets in TLS 1.2. Future backward incompatibility: + in the next major release of GnuTLS, we plan to remove those flag and + modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2. + +** gnutls-cli, gnutls-serv: Channel binding for printing information + has been changed from tls-unique to tls-exporter as tls-unique is + not supported in TLS 1.3. + +** libgnutls: Certificate sanity checks has been enhanced to make + gnutls more RFC 5280 compliant (!1583). + Following changes were included: + - critical extensions are parsed when loading x509 + certificate to prohibit any random octet strings. + Requires strict-x509 configure option to be enabled + - garbage bits in Key Usage extension are prohibited + - empty DirectoryStrings in Distinguished name structures + of Issuer and Subject name are prohibited + +** libgnutls: Removed 3DES from FIPS approved algorithms (#1353). 
+ According to the section 2 of SP800-131A Rev.2, 3DES algorithm + will be disallowed for encryption after December 31, 2023: + https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final + +** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312). + The existing AEAD API that works in a scatter-gather fashion + (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC. + For further optimization, new function (gnutls_aead_cipher_set_key) has been + added to set key on the existing AEAD handle without re-allocation. + +** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode + when used in TLS (#1311). + +** The configure arguments for Brotli and Zstandard (zstd) support + have changed to reflect the previous help text: they are now + --with-brotli/--with-zstd respectively (#1342). + +** Detecting the Zstandard (zstd) library in configure has been + fixed (#1343). + +** API and ABI modifications: +GNUTLS_NO_TICKETS_TLS12: New flag +gnutls_aead_cipher_set_key: New function + +* Version 3.7.4 (released 2022-03-17) + +** libgnutls: Added support for certificate compression as defined in RFC8879 + (#1301). New API functions (gnutls_compress_certificate_get_selected_method + and gnutls_compress_certificate_set_methods) allow client and server to set + their preferences. + +** certtool: Added option --compress-cert that allows user to specify + compression methods for certificate compression. + +** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure + option to enforce stricter certificate sanity checks that are compliant with + RFC5280. + +** libgnutls: Removed IA5String type from DirectoryString within issuer + and subject name to make DirectoryString RFC5280 compliant. + +** libgnutls: Added function (gnutls_record_send_file) to send file content from + open file descriptor (!1486). The implementation is optimized if KTLS (kernel + TLS) is enabled. 
+ +** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of + current ciphersuite from TLS session (#1291). + +** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using + dlopen, so GnuTLS does not indirectly link to other crypto libraries until + TPM2 functionality is utilized (!1544). + +** API and ABI modifications: +GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member +GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member +gnutls_compress_certificate_get_selected_method: Added +gnutls_compress_certificate_set_methods: Added +gnutls_ciphersuite_get: New function +gnutls_record_send_file: New function +libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1 + +* Version 3.7.3 (released 2022-01-17) + +** libgnutls: The allowlisting configuration mode has been added to the system-wide + settings. In this mode, all the algorithms are initially marked as insecure + or disabled, while the applications can re-enable them either through the + [overrides] section of the configuration file or the new API (#1172). + +** The build infrastructure no longer depends on GNU AutoGen for generating + command-line option handling, template file parsing in certtool, and + documentation generation (#773, #774). This change also removes run-time or + bundled dependency on the libopts library, and requires Python 3.6 or later + to regenerate the distribution tarball. + + Note that this brings in known backward incompatibility in command-line + tools, such as long options are now case sensitive, while previously they + were treated in a case insensitive manner: for example --RSA is no longer a + valid option of certtool. The existing scripts using GnuTLS tools may need + adjustment for this change. + +** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and + used as a gnutls_privkey_t (#594). The code was originally written for the + OpenConnect VPN project by David Woodhouse. 
To generate such blobs, use the + tpm2tss-genkey tool from tpm2-tss-engine: + https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations + or the tpm2_encodeobject tool from unreleased tpm2-tools. + +** libgnutls: The library now transparently enables Linux KTLS + (kernel TLS) when the feature is compiled in with --enable-ktls configuration + option (#1113). If the KTLS initialization fails it automatically falls back + to the user space implementation. + +** certtool: The certtool command can now read the Certificate Transparency + (RFC 6962) SCT extension (#232). New API functions are also provided to + access and manipulate the extension values. + +** certtool: The certtool command can now generate, manipulate, and evaluate + x25519 and x448 public keys, private keys, and certificates. + +** libgnutls: Disabling a hashing algorithm through "insecure-hash" + configuration directive now also disables TLS ciphersuites that use it as a + PRF algorithm. + +** libgnutls: PKCS#12 files are now created with modern algorithms by default + (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and + HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with + PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the + default PBKDF2 iteration count has been increased to 600000. + +** libgnutls: PKCS#12 keys derived using GOST algorithm now uses + HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to + conform with the latest TC-26 requirements (#1225). + +** libgnutls: The library now provides a means to report the status of approved + cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this + complements the existing mechanism to prohibit the use of unapproved + algorithms by making the library unusable state. + +** gnutls-cli: The gnutls-cli command now provides a --list-config option to + print the library configuration (!1508). 
+ +** libgnutls: Fixed possible race condition in + gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared + among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] + +** API and ABI modifications: +GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t +GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags +gnutls_ecc_curve_set_enabled: Added. +gnutls_sign_set_secure: Added. +gnutls_sign_set_secure_for_certs: Added. +gnutls_digest_set_secure: Added. +gnutls_protocol_set_enabled: Added. +gnutls_fips140_context_init: New function +gnutls_fips140_context_deinit: New function +gnutls_fips140_push_context: New function +gnutls_fips140_pop_context: New function +gnutls_fips140_get_operation_state: New function +gnutls_fips140_operation_state_t: New enum +gnutls_transport_is_ktls_enabled: New function +gnutls_get_library_configuration: New function + +* Version 3.7.2 (released 2021-05-29) + +** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added + to disable TLS 1.3 middlebox compatibility mode + +** libgnutls: The Linux kernel AF_ALG based acceleration has been added. + This can be enabled with --enable-afalg configure option, when libkcapi + package is installed (#308). + +** libgnutls: Fixed timing of early data exchange. Previously, the client was + sending early data after receiving Server Hello, which not only negates the + benefit of 0-RTT, but also works under certain assumptions hold (e.g., the + same ciphersuite is selected in initial and resumption handshake) (#1146). + +** certtool: When signing a CSR, CRL distribution point (CDP) is no longer + copied from the signing CA by default (#1126). + +** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to + GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now + deprecated and will be removed in the future releases. 
+ +** certtool: When producing certificates and certificate requests, subject DN + components that are provided individually will now be ordered by + assumed scale (e.g. Country before State, Organization before + OrganizationalUnit). This change also affects the order in which + certtool prompts interactively. Please rely on the template + mechanism for automated use of certtool! (#1243) + +** API and ABI modifications: +gnutls_early_cipher_get: Added +gnutls_early_prf_hash_get: Added + +** guile: Writes to a session record port no longer throw an exception upon + GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. + +* Version 3.7.1 (released 2021-03-10) + +** libgnutls: Fixed potential use-after-free in sending "key_share" + and "pre_shared_key" extensions. When sending those extensions, the + client may dereference a pointer no longer valid after + realloc. This happens only when the client sends a large Client + Hello message, e.g., when HRR is sent in a resumed session + previously negotiated large FFDHE parameters, because the initial + allocation of the buffer is large enough without having to call + realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low] + +** libgnutls: Fixed a regression in handling duplicated certs in a + chain (#1131). + +** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox + compatibiltiy mode. In that mode the client shall always send a + non-zero session ID to make the handshake resemble the TLS 1.2 + resumption; this was not true in the previous versions (#1074). + +** libgnutls: W32 performance improvement with a new sendmsg()-like + transport implementation (!1377). + +** libgnutls: Removed dependency on the external 'fipscheck' package, + when compiled with --enable-fips140-mode (#1101). + +** libgnutls: Added padlock acceleration for AES-192-CBC (#1004). + +** API and ABI modifications: +No changes since last version. + +* Version 3.7.0 (released 2020-12-02) + +** libgnutls: Depend on nettle 3.6 (!1322). 
+ +** libgnutls: Added a new API that provides a callback function to + retrieve missing certificates from incomplete certificate chains + (#202, #968, #1100). + +** libgnutls: Added a new API that provides a callback function to + output the complete path to the trusted root during certificate + chain verification (#1012). + +** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the + terminating null bytes, while the data field is null terminated. + The affected API functions are: gnutls_ocsp_req_get_extension, + gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension + (#805). + +** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849, + #850). + +** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are + now no-op (#790). + +** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161). + +** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin + CPU (#1079). + +** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31 + bytes to 255 bytes (#932). + +** API and ABI modifications: +gnutls_x509_trust_list_set_getissuer_function: Added +gnutls_x509_trust_list_get_ptr: Added +gnutls_x509_trust_list_set_ptr: Added +gnutls_session_set_verify_output_function: Added +gnutls_record_encryption_level_t: New enum +gnutls_handshake_read_func: New callback type +gnutls_handshake_set_read_function: New function +gnutls_handshake_write: New function +gnutls_handshake_secret_func: New callback type +gnutls_handshake_set_secret_function: New function +gnutls_alert_read_func: New callback type +gnutls_alert_set_read_function: New function +gnutls_crypto_register_cipher: Deprecated; no-op +gnutls_crypto_register_aead_cipher: Deprecated; no-op +gnutls_crypto_register_mac: Deprecated; no-op +gnutls_crypto_register_digest: Deprecated; no-op + +* Version 3.6.15 (releases 2020-09-04) + +** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. 
+ The server sending a "no_renegotiation" alert in an unexpected timing, + followed by an invalid second handshake was able to cause a TLS 1.3 client to + crash via a null-pointer dereference. The crash happens in the application's + error handling path, where the gnutls_deinit function is called after + detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium] + +** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now + indicates that with a false return value (!1306). + +** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked + accordingly to SP800-56A rev 3 (!1295, !1299). + +** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than + the size of the internal base64 blob (#1025). The new behavior aligns to the + existing documentation. + +** libgnutls: Certificate verification failue due to OCSP must-stapling is not + honered is now correctly marked with the GNUTLS_CERT_INVALID flag + (!1317). The new behavior aligns to the existing documentation. + +** libgnutls: The audit log message for weak hashes is no longer printed twice + (!1301). + +** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is + disabled in the priority string. Previously, even when TLS 1.2 is explicitly + disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is + enabled (#1054). + +** API and ABI modifications: +No changes since last version. + +* Version 3.6.14 (released 2020-06-03) + +** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. + The TLS server would not bind the session ticket encryption key with a + value supplied by the application until the initial key rotation, allowing + attacker to bypass authentication in TLS 1.3 and recover previous + conversations in TLS 1.2 (#1011). + [GNUTLS-SA-2020-06-03, CVSS: high] + +** libgnutls: Fixed handling of certificate chain with cross-signed + intermediate CA certificates (#1008). 
+ +** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). + +** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName + (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority + Key Identifier (AKI) properly (#989, #991). + +** certtool: PKCS #7 attributes are now printed with symbolic names (!1246). + +** libgnutls: Added several improvements on Windows Vista and later releases + (!1257, !1254, !1256). Most notably the system random number generator now + uses Windows BCrypt* API if available (!1255). + +** libgnutls: Use accelerated AES-XTS implementation if possible (!1244). + Also both accelerated and non-accelerated implementations check key block + according to FIPS-140-2 IG A.9 (!1233). + +** libgnutls: Added support for AES-SIV ciphers (#463). + +** libgnutls: Added support for 192-bit AES-GCM cipher (!1267). + +** libgnutls: No longer use internal symbols exported from Nettle (!1235) + +** API and ABI modifications: +GNUTLS_CIPHER_AES_128_SIV: Added +GNUTLS_CIPHER_AES_256_SIV: Added +GNUTLS_CIPHER_AES_192_GCM: Added +GNUTLS_NO_AUTO_SEND_TICKET: Added +gnutls_ext_get_name2: Added +gnutls_pkcs7_print_signature_info: Added + +* Version 3.6.13 (released 2020-03-31) + +** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3. + The DTLS client would not contribute any randomness to the DTLS negotiation, + breaking the security guarantees of the DTLS protocol (#960) + [GNUTLS-SA-2020-03-31, CVSS: high] + +** libgnutls: Added new APIs to access KDF algorithms (#813). + +** libgnutls: Added new callback gnutls_keylog_func that enables a custom + logging functionality. + +** libgnutls: Added support for non-null terminated usernames in PSK + negotiation (#586). + +** gnutls-cli-debug: Improved support for old servers that only support + SSL 3.0. 
+ +** API and ABI modifications: +gnutls_hkdf_extract: Added +gnutls_hkdf_expand: Added +gnutls_pbkdf2: Added +gnutls_session_get_keylog_function: Added +gnutls_session_set_keylog_function: Added +gnutls_prf_hash_get: Added +gnutls_psk_server_get_username2: Added +gnutls_psk_set_client_credentials2: Added +gnutls_psk_set_client_credentials_function2: Added +gnutls_psk_set_server_credentials_function2: Added + + +* Version 3.6.12 (released 2020-02-01) + +** libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) + to identify sessions that client request OCSP status request (#829). + +** libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 + signature algorithm (RFC 8032) under TLS (#86). + +** libgnutls: Added the default-priority-string option to system configuration; + it allows overriding the compiled-in default-priority-string. + +** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by + draft-smyshlyaev-tls12-gost-suites-07). + By default this ciphersuite is disabled. It can be enabled by adding + +GOST to priority string. In the future this priority string may enable + other GOST ciphersuites as well. Note, that server will fail to negotiate + GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It + is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites + are enabled on GnuTLS-based servers. + +** libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + +** libgnutls: Reject certificates with invalid time fields. That is we reject + certificates with invalid characters in Time fields, or invalid time formatting + To continue accepting the invalid form compile with --disable-strict-der-time + (#207, #870). + +** libgnutls: Reject certificates which contain duplicate extensions. 
We were + previously printing warnings when printing such a certificate, but that is + not always sufficient to flag such certificates as invalid. Instead we now + refuse to import them (#887). + +** libgnutls: If a CA is found in the trusted list, check in addition to + time validity, whether the algorithms comply to the expected level prior + to accepting it. This addresses the problem of accepting CAs which would + have been marked as insecure otherwise (#877). + +** libgnutls: The min-verification-profile from system configuration applies + for all certificate verifications, not only under TLS. The configuration can + be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. + +** libgnutls: The stapled OCSP certificate verification adheres to the convention + used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. + +** libgnutls: On client side only send OCSP staples if they have been requested + by the server, and on server side always advertise that we support OCSP stapling + (#876). + +** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible + with gnutls_ocsp_req_t but const. + +** certtool: Added the --verify-profile option to set a certificate + verification profile. Use '--verify-profile low' for certificate verification + to apply the 'NORMAL' verification profile. + +** certtool: The add_extension template option is considered even when generating + a certificate from a certificate request. + +** API and ABI modifications: +GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added +GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added +gnutls_ocsp_req_const_t: Added + + +* Version 3.6.11 (released 2019-12-01) + +** libgnutls: Use KERN_ARND for the system random number generator on NetBSD. + This syscall provides an endless stream of random numbers from the kernel's + ChaCha20-based random number generator, without blocking or requiring an open file + descriptor. 
+ +** libgnutls: Corrected issue with TLS 1.2 session ticket handling as client + during resumption (#841). + +** libgnutls: gnutls_base64_decode2() succeeds decoding the empty string to + the empty string. This is a behavioral change of the API but it conforms + to the RFC4648 expectations (#834). + +** libgnutls: Fixed AES-CFB8 implementation, when input is shorter than + the block size. Fix backported from nettle. + +** certtool: CRL distribution points will be set in CA certificates even when + non self-signed (#765). + +** gnutls-cli/serv: added raw public-key handling capabilities (RFC7250). + Key material can be set via the --rawpkkeyfile and --rawpkfile flags. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.6.10 (released 2019-09-29) + +** libgnutls: Added support for deterministic ECDSA/DSA (RFC6979) + Deterministic signing can be enabled by setting + GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE when calling gnutls_privkey_sign_*() + functions (#94). + +** libgnutls: add gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2 + functions that will perform in-place encryption/decryption on data buffers (#718). + +** libgnutls: Corrected issue in gnutls_session_get_data2() which could fail under + TLS1.3, if a timeout callback was not set using gnutls_transport_set_pull_timeout_function() + (#823). + +** libgnutls: added interoperability tests with gnutls 2.12.x; addressed + issue with large record handling due to random padding (#811). + +** libgnutls: the server now selects the highest TLS protocol version, + if TLS 1.3 is enabled and the client advertises an older protocol version first (#837). + +** libgnutls: fix non-PIC assembly on i386 (#818). + +** libgnutls: added support for GOST 28147-89 cipher in CNT (GOST counter) mode + and MAC generation based on GOST 28147-89 (IMIT). For description of the + modes see RFC 5830. S-Box is id-tc26-gost-28147-param-Z (TC26Z) defined in + RFC 7836. 
+ +** certtool: when outputting an encrypted private key do not insert the textual description + of it. This fixes a regression since 3.6.5 (#840). + +** API and ABI modifications: +gnutls_aead_cipher_encryptv2: Added +gnutls_aead_cipher_decryptv2: Added +GNUTLS_CIPHER_GOST28147_TC26Z_CNT: Added +GNUTLS_MAC_GOST28147_TC26Z_IMIT: Added + +* Version 3.6.9 (released 2019-07-25) + +** libgnutls: add gnutls_hash_copy/gnutls_hmac_copy functions that will create a copy + of digest or MAC context. Copying contexts for externally-registered digest and MAC + contexts is unupported (#787). + +** Marked the crypto implementation override APIs as deprecated. These APIs are rarely + used, are for a niche use case, but have significant side effects, such as preventing + any internal re-organization and extension of the internal cipher API. The APIs remain + functional though a compiler warning will be issued, and a future minor version update + may transform them to a no-op while keeping ABI compatibility (#789). + +** libgnutls: Added support for AES-GMAC, as a separate to GCM, MAC algorithm (#781). + +** libgnutls: gnutls_privkey_sign_hash2 now accepts the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA + flag as documented. This makes it a complete replacement of gnutls_privkey_sign_hash(). + +** libgnutls: Added support for Generalname registeredID. + +** The priority configuration was enhanced to allow more elaborate + system-wide configuration of the library (#587). + The following changes were included: + - The file is read as an ini file with '#' indicating a comment. + - The section "[priorities]" or global follows the existing semantics of + the configuration file, and allows to specify system-wide priority strings + which are accessed with the '@' prefix. 
+ - The section "[overrides]" is added with the parameters "insecure-hash", + "insecure-sig", "insecure-sig-for-cert", "disabled-curve", + "disabled-version", "min-verification-profile", "tls-disabled-cipher", + "tls-disabled-mac", "tls-disabled-group", "tls-disabled-kx", which prohibit + specific algorithms or options globally. Existing algorithms in the + library can be marked as disabled and insecure, but no hard-coded + insecure algorithm can be marked as secure (so that the configuration + cannot be abused to make the system vulnerable). + - Unknown sections or options are skipped with a debug message, unless + the GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID environment parameter is + set to 1. + +** libgnutls: Added new flag for GNUTLS_CPUID_OVERRIDE + - 0x20: Enable SHA_NI instruction set + +** API and ABI modifications: +gnutls_crypto_register_cipher: Deprecated +gnutls_crypto_register_aead_cipher: Deprecated +gnutls_crypto_register_digest: Deprecated +gnutls_crypto_register_mac: Deprecated +gnutls_get_system_config_file: Added +gnutls_hash_copy: Added +gnutls_hmac_copy: Added +GNUTLS_MAC_AES_GMAC_128: Added +GNUTLS_MAC_AES_GMAC_192: Added +GNUTLS_MAC_AES_CMAC_256: Added +GNUTLS_SAN_REGISTERED_ID: Added + + +* Version 3.6.8 (released 2019-05-28) + +** libgnutls: Added gnutls_prf_early() function to retrieve early keying + material (#329) + +** libgnutls: Added support for AES-XTS cipher (#354) + +** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in + 512 bit addition) + +** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's + public key is on the right subgroup (y^q=1 mod p), when q is available (under + TLS 1.3 and under earlier versions when RFC7919 parameters are used). + +** libgnutls: the gnutls_srp_set_server_credentials_function can now be used + with the 8192 parameters as well (#995). 
+ +** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and + gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754) + +** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow + clients to communicate with the server advertising smaller limits than 512 + +** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent + hostname/domain crafting via IDNA conversion (#720) + +** certtool: allow the digital signature key usage flag in CA certificates. + Previously certtool would ignore this flag for CA certificates even if + specified (#767) + +** gnutls-cli/serv: added the --keymatexport and --keymatexportsize options. + These allow testing the RFC5705 using these tools. + +** API and ABI modifications: +gnutls_prf_early: Added +gnutls_record_set_max_recv_size: Added +gnutls_dh_params_import_raw3: Added +gnutls_ffdhe_2048_group_q: Added +gnutls_ffdhe_3072_group_q: Added +gnutls_ffdhe_4096_group_q: Added +gnutls_ffdhe_6144_group_q: Added +gnutls_ffdhe_8192_group_q: Added + + +* Version 3.6.7 (released 2019-03-27) + +** libgnutls, gnutls tools: Every gnutls_free() will automatically set + the free'd pointer to NULL. This prevents possible use-after-free and + double free issues. Use-after-free will be turned into NULL dereference. + The counter-measure does not extend to applications using gnutls_free(). + +** libgnutls: Fixed a memory corruption (double free) vulnerability in the + certificate verification API. Reported by Tavis Ormandy; addressed with + the change above. [GNUTLS-SA-2019-03-27, #694] + +** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; + Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] + +** libgnutls: enforce key usage limitations on certificates more actively. + Previously we would enforce it for TLS1.2 protocol, now we enforce it + even when TLS1.3 is negotiated, or on client certificates as well. 
When + an inappropriate for TLS1.3 certificate is seen on the credentials structure + GnuTLS will disable TLS1.3 support for that session (#690). + +** libgnutls: the default number of tickets sent under TLS 1.3 was increased to + two. This makes it easier for clients which perform multiple connections + to the server to use the tickets sent by a default server. + +** libgnutls: enforce the equality of the two signature parameters fields in + a certificate. We were already enforcing the signature algorithm, but there + was a bug in parameter checking code. + +** libgnutls: fixed issue preventing sending and receiving from different + threads when false start was enabled (#713). + +** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable + session, as non-writeable security officer sessions are undefined in PKCS#11 + (#721). + +** libgnutls: no longer send downgrade sentinel in TLS 1.3. + Previously the sentinel value was embedded to early in version + negotiation and was sent even on TLS 1.3. It is now sent only when + TLS 1.2 or earlier is negotiated (#689). + +** gnutls-cli: Added option --logfile to redirect informational messages output. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.6.6 (released 2019-01-25) + +** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits + on the public key (#640). + +** libgnutls: Added support for raw public-key authentication as defined in RFC7250. + Raw public-keys can be negotiated by enabling the corresponding certificate + types via the priority strings. The raw public-key mechanism must be explicitly + enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). + +** libgnutls: When on server or client side we are sending no extensions we do + not set an empty extensions field but we rather remove that field competely. + This solves a regression since 3.5.x and improves compatibility of the server + side with certain clients. 
+ +** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if + the CKA_SIGN is not set (#667). + +** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely + disable extensions at all cases, while providing a functional session. This + also implies that when specified, TLS1.3 is disabled. + +** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. + The previous definition was non-functional (#609). + +** API and ABI modifications: +GNUTLS_ENABLE_RAWPK: Added +GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) +GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated +GNUTLS_PCERT_NO_CERT: Deprecated + + +* Version 3.6.5 (released 2018-12-01) + +** libgnutls: Provide the option of transparent re-handshake/reauthentication + when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). + +** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) + +** libgnutls: The priority functions will ignore and not enable TLS1.3 if + requested with legacy TLS versions enabled but not TLS1.2. That is because + if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) + servers which do not support TLS1.3 will negotiate TLS1.2 which will be + rejected by the client as disabled (#621). + +** libgnutls: Change RSA decryption to use a new side-channel silent function. + This addresses a security issue where memory access patterns as well as timing + on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher + attacks. Side-channel resistant code is slower due to the need to mask + access and timings. When used in TLS the new functions cause RSA based + handshakes to be between 13% and 28% slower on average (Numbers are indicative, + the tests where performed on a relatively modern Intel CPU, results vary + depending on the CPU and architecture used). 
This change makes nettle 3.4.1 + the minimum requirement of gnutls (#630). [CVSS: medium] + +** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword + in the priority string. It is only accepted as legacy option and is ignored. + +** libgnutls: Added support for EdDSA under PKCS#11 (#417) + +** libgnutls: Added support for AES-CFB8 cipher (#357) + +** libgnutls: Added support for AES-CMAC MAC (#351) + +** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers + have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D + S-BOXes). They are fixed now. + +** libgnutls: Added support for GOST key unmasking and unwrapped GOST private + keys parsing, as specified in R 50.1.112-2016. + +** gnutls-serv: It applies the default settings when no --priority option is given, + using gnutls_set_default_priority(). + +** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin + option (#561) + +** certtool: Add parameter --no-text that prevents certtool from outputting + text before PEM-encoded private key, public key, certificate, CRL or CSR. + +** API and ABI modifications: +GNUTLS_AUTO_REAUTH: Added +GNUTLS_CIPHER_AES_128_CFB8: Added +GNUTLS_CIPHER_AES_192_CFB8: Added +GNUTLS_CIPHER_AES_256_CFB8: Added +GNUTLS_MAC_AES_CMAC_128: Added +GNUTLS_MAC_AES_CMAC_256: Added +gnutls_record_get_max_early_data_size: Added +gnutls_record_send_early_data: Added +gnutls_record_recv_early_data: Added +gnutls_db_check_entry_expire_time: Added +gnutls_anti_replay_set_add_function: Added +gnutls_anti_replay_init: Added +gnutls_anti_replay_deinit: Added +gnutls_anti_replay_set_window: Added +gnutls_anti_replay_enable: Added +gnutls_privkey_decrypt_data2: Added + + +* Version 3.6.4 (released 2018-09-24) + +** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. 
+ +** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + +** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + +** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + +** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + +** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + +** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + +** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). 
+ +** gnutls-cli: enable CRL validation on startup (#564) + +** API and ABI modifications: +GNUTLS_ENABLE_EARLY_START: Added +GNUTLS_ENABLE_CERT_TYPE_NEG: Added +GNUTLS_TL_FAIL_ON_INVALID_CRL: Added +GNUTLS_CERTIFICATE_VERIFY_CRLS: Added +gnutls_ctype_target_t: New enumeration +gnutls_record_set_max_early_data_size: Added +gnutls_certificate_type_get2: Added +gnutls_priority_certificate_type_list2: Added +gnutls_ffdhe_6144_group_prime: Added +gnutls_ffdhe_6144_group_generator: Added +gnutls_ffdhe_6144_key_bits: Added + + +* Version 3.6.3 (released 2018-07-16) + +** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version + negotiation, post handshake authentication, length hiding, multiple OCSP support, + consistent ciphersuite support across protocols, hello retry requests, ability + to adjust key shares via gnutls_init() flags, certificate authorities extension, + and key usage limits. TLS1.3 draft-28 support can be enabled by default if + the option --enable-tls13-support is given to configure script. + +** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or + earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings + TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority + strings, then TLS 1.3 negotiation will be disabled if the session is associated + only with an anonymous credentials structure. + +** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. + This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12, + and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA + 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357), + and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836). 
+ +** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers + as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default + priority strings, as they are undefined under TLS1.3 and they provide no advantage + over other options in earlier protocols. + +** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled + by specifying --enable-ssl3-support on configure script. + +** libgnutls: Introduced function to switch the current FIPS140-2 operational + mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 + operations. + +** libgnutls: Introduced low-level function to assist applications attempting client + hello extension parsing, prior to GnuTLS' parsing of the message. + +** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no + modifications to the certificate. That prevents DER re-encoding issues with incorrectly + encoded certificates, or other DER incompatibilities to affect a TLS session. + Relates with #403 + +** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups + which are preferred by the server. That unfortunately has complicated semantics + as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering, + which could make group order unpredictable if TLS1.3 is negotiated. + +** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen + and Adi Shamir reported that the existing counter-measures had certain issues and + were insufficient when the attacker has additional access to the CPU cache and + performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium] + +** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation + of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. 
+ +** libgnutls: gnutls_privkey_import_ext4() was enhanced with the + GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. + +** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, + gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default + unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API + change for these functions which make them err towards safety. + +** libgnutls: improved aarch64 cpu features detection by using getauxval(). + +** certtool: It is now possible to specify certificate and serial CRL numbers greater + than 2**63-2 as a hex-encoded string both when prompted and in a template file. + Default certificate serial numbers are now fully random. Default CRL + numbers include more random bits and are larger than in previous GnuTLS versions. + Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually + if you intend to later downgrade to previous versions as it was not possible + to specify large CRL numbers in previous versions of certtool. 
+ +** API and ABI modifications: +gnutls_fips140_set_mode: Added +gnutls_session_key_update: Added +gnutls_ext_get_current_msg: Added +gnutls_reauth: Added +gnutls_ocsp_status_request_get2: Added +gnutls_ocsp_resp_import2: Added +gnutls_ocsp_resp_export2: Added +gnutls_ocsp_resp_list_import2: Added +gnutls_certificate_set_retrieve_function3: Added +gnutls_certificate_set_ocsp_status_request_file2: Added +gnutls_certificate_set_ocsp_status_request_mem: Added +gnutls_certificate_get_ocsp_expiration: Added +gnutls_record_send2: Added +gnutls_ext_raw_parse: Added +gnutls_x509_crt_list_import_url: Added +gnutls_pcert_list_import_x509_file: Added +gnutls_pkcs11_token_get_ptr: Added +gnutls_pkcs11_obj_get_ptr: Added +gnutls_session_ticket_send: Added +gnutls_aead_cipher_encryptv: Added +gnutls_gost_paramset_get_name: Added +gnutls_gost_paramset_get_oid: Added +gnutls_oid_to_gost_paramset: Added +gnutls_decode_gost_rs_value: Added +gnutls_encode_gost_rs_value: Added +gnutls_pubkey_export_gost_raw2: Added +gnutls_pubkey_import_gost_raw: Added +gnutls_x509_crt_get_pk_gost_raw: Added +gnutls_privkey_export_gost_raw2: Added +gnutls_privkey_import_gost_raw: Added +gnutls_x509_privkey_export_gost_raw: Added +gnutls_x509_privkey_import_gost_raw: Added +gnutls_set_default_priority_append: Added +gnutls_priority_init2: Added +GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS: Added +GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added + + +* Version 3.6.2 (released 2018-02-16) + +** libgnutls: When verifying against a self signed certificate ignore issuer. + That is, ignore issuer when checking the issuer's parameters strength, resolving + issue #347 which caused self signed certificates to be additionally marked as of + insufficient security level. + +** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data + MTU calculation now, it correctly accounts for the fixed overhead due to + padding (as 1 byte), while at the same time considers the rest of the + padding as part of data MTU. 
+ +** libgnutls: Address issue of loading of all PKCS#11 modules on startup + on systems with a PKCS#11 trust store (as opposed to a file trust store). + Introduced a multi-stage initialization which loads the trust modules, and + other modules are deferred for the first pure PKCS#11 request. + +** libgnutls: The SRP authentication will reject any parameters outside + RFC5054. This protects any client from potential MitM due to insecure + parameters. That also brings SRP in par with the RFC7919 changes to + Diffie-Hellman. + +** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters + for SRP authentication. + +** libgnutls: Addressed issue in the accelerated code affecting interoperability + with versions of nettle >= 3.4. + +** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. + +** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by + Vitezslav Cizek). + +** srptool: the --create-conf option no longer includes 1024-bit parameters. + +** p11tool: Fixed the deletion of objects in batch mode. + +** API and ABI modifications: +gnutls_srp_8192_group_generator: Added +gnutls_srp_8192_group_prime: Added + + +* Version 3.6.1 (released 2017-10-21) + +** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was + used. Resolves gitlab issue #259. + +** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign, + gnutls_x509_crq_sign, were modified to sign with a better algorithm than + SHA1. They will now sign with an algorithm that corresponds to the security + level of the signer's key. + +** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() + accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal + the function to auto-detect an appropriate hash algorithm to use. + +** libgnutls: Removed support for signature algorithms using SHA2-224 in TLS. + TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm + in TLS 1.2. 
As such, no reason to keep supporting it. + +** libgnutls: Refuse to use client certificates containing disallowed + algorithms for a session. That reverts a change on 3.5.5, which allowed + a client to use DSA-SHA1 due to his old DSA certificate, without requiring him + to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). + The previous approach was to allow a smooth move for client infrastructure + after the DSA algorithm became disabled by default, and is no longer necessary + as DSA is now being universally depracated. + +** libgnutls: Refuse to resume a session which had a different SNI advertised. That + improves RFC6066 support in server side. Reported by Thomas Klute. + +** p11tool: Mark all generated objects as sensitive by default. + +** p11tool: added options --sign-params and --hash. This allows testing + signature with multiple algorithms, including RSA-PSS. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.6.0 (released 2017-08-21) + +** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and + fuzzying toolkit, allowing for corner case testing, and ensuring that the + behavior of the library will not change across releases. + https://github.com/tomato42/tlsfuzzer + +** libgnutls: Introduced a lock-free random generator which operates per-thread + and eliminates random-generator related bottlenecks in multi-threaded operation. + Resolves gitlab issue #141. + http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html + +** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA. + The goal is to reduce code needed in cache (CHACHA is also used for TLS), + and the number of primitives used by the library. That does not affect the + AES-DRBG random generator used in FIPS140-2 mode. + +** libgnutls: Added support for RSA-PSS key type as well as signatures in + certificates, and TLS key exchange. Contributed by Daiki Ueno. 
+ RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys, + but not vice-versa. The feature includes: + * RSA-PSS key generation and key handling (in PKCS#8 form) + * RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech) + * Handling of RSA-PSS subjectPublicKeyInfo parameters, when present + in either the private key or certificate. + * RSA-PSS signing and verification of PKIX certificates + * RSA-PSS signing and verification of TLS 1.2 handshake + * RSA-PSS signing and verification of PKCS#7 structures + * RSA-PSS and RSA key combinations for TLS credentials. That is, when + multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS + TLS signatures, to contain risks of cross-protocol attacks between the algorithms. + * RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa) + Note that RSA-PSS signatures with SHA1 are (intentionally) not supported. + +** libgnutls: Added support for Ed25519 signing in certificates and TLS key + exchange following draft-ietf-tls-rfc4492bis-17. The feature includes: + * Ed25519 key generation and key handling (in PKCS#8 form) + * Ed25519 signing and verification of PKIX certificates + * Ed25519 signing and verification of TLS 1.2 handshake + * Ed25519 signing and verification of PKCS#7 structures + +** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. + +** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919. + That makes the DH parameters negotiation more robust and less prone to errors + due to insecure parameters. Servers are no longer required to specific explicit + DH parameters, though if they do these parameters will be used. Group + selection can be done via priority strings. The introduced strings are + GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and + GROUP-FFDHE8192, as well as the corresponding to curves groups. Note that + the 6144 group from RFC7919 is not supported. 
+ +** libgnutls: Introduced various sanity checks on certificate import. Refuse + to import certificates which have fractional seconds in Time fields, X.509v1 + certificates which have the unique identifiers set, and certificates with illegal + version numbers. All of these are prohibited by RFC5280. + +** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags + in the crt structure. The only flag supported at the moment is + GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity + checks on import. + +** libgnutls: PKIX certificates with unknown critical extensions are rejected + on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This + behavior can be overridden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS + to verification functions. Resolves gitlab issue #177. + +** libgnutls: Refuse to generate a certificate with an illegal version, or an + illegal serial number. That is, gnutls_x509_crt_set_version() and + gnutls_x509_crt_set_serial(), will fail on input considered to be invalid + in RFC5280. + +** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv() + prior to handshake being complete are now refused. Addresses gitlab issue #158. + +** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their + password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. + +** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. + +** libgnutls: Added new callback setting function to gnutls_privkey_t for external + keys. The new function (gnutls_privkey_import_ext4), allows signing in addition + to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 + keys. + +** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 + priority string options. These allows enabling all broken and SHA1-based signature + algorithms in certificate verification, respectively. 
+ +** libgnutls: 3DES-CBC is no longer included in the default priorities + list. It has to be explicitly enabled, e.g., with a string like + "NORMAL:+3DES-CBC". + +** libgnutls: SHA1 was marked as insecure for signing certificates. Verification + of certificates signed with SHA1 is now considered insecure and will + fail, unless flags intended to enable broken algorithms are set. Other uses + of SHA1 are still allowed. This can be reverted on compile time with the configure + flag --enable-sha1-support. + +** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification + of certificates signed with RIPEMD160 hash algorithm is now considered insecure and + will fail, unless flags intended to enable broken algorithms are set. + +** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. + These curves were rarely used for that purpose, provide no advantage over + x25519 and were deprecated by TLS 1.3. + +** libgnutls: Removed support for DEFLATE, or any other compression method. + +** libgnutls: OpenPGP authentication was removed; the resulting library is ABI + compatible, with the openpgp related functions being stubs that fail + on invocation. + +** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled + only with libidn2 which provides IDNA2008. + +** certtool: The option '--load-ca-certificate' can now accept PKCS#11 + URLs in addition to files. + +** certtool: The option '--load-crl' can now be used when generating PKCS#12 + files (i.e., in conjunction with '--to-p12' option). + +** certtool: Keys with provable RSA and DSA parameters are now only read and + exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. + This removes support for the previous a non-standard key format. + +** certtool: Added support for generating, printing and handling RSA-PSS and + Ed25519 keys and certificates. 
+ +** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now + deprecated, replaced by the --key-type option. + +** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were + replaced by the --generate-privkey option. + +** psktool: Generate 256-bit keys by default. + +** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and + --alpn-fatal options, allowing testing of ALPN negotiation. + +** API and ABI modifications: +gnutls_encode_rs_value: Added +gnutls_decode_rs_value: Added +gnutls_base64_encode2: Added +gnutls_base64_decode2: Added +gnutls_x509_crt_set_flags: Added +gnutls_x509_crt_check_ip: Added +gnutls_x509_ext_import_inhibit_anypolicy: Added +gnutls_x509_ext_export_inhibit_anypolicy: Added +gnutls_x509_crt_get_inhibit_anypolicy: Added +gnutls_x509_crt_set_inhibit_anypolicy: Added +gnutls_pubkey_export_rsa_raw2: Added +gnutls_pubkey_export_dsa_raw2: Added +gnutls_pubkey_export_ecc_raw2: Added +gnutls_privkey_export_rsa_raw2: Added +gnutls_privkey_export_dsa_raw2: Added +gnutls_privkey_export_ecc_raw2: Added +gnutls_x509_spki_init: Added +gnutls_x509_spki_deinit: Added +gnutls_x509_spki_get_pk_algorithm: Added +gnutls_x509_spki_set_pk_algorithm: Added +gnutls_x509_spki_get_digest_algorithm: Added +gnutls_x509_spki_set_digest_algorithm: Added +gnutls_x509_spki_get_salt_size: Added +gnutls_x509_spki_set_salt_size: Added +gnutls_x509_crt_set_spki: Added +gnutls_x509_crt_get_spki: Added +gnutls_x509_privkey_get_spki: Added +gnutls_x509_privkey_set_spki: Added +gnutls_x509_crq_get_spki: Added +gnutls_x509_crq_set_spki: Added +gnutls_pubkey_set_spki: Added +gnutls_pubkey_get_spki: Added +gnutls_privkey_set_spki: Added +gnutls_privkey_get_spki: Added +gnutls_privkey_import_ext4: Added +GNUTLS_EXPORT_FLAG_NO_LZ: Added +GNUTLS_DT_IP_ADDRESS: Added +GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added +GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added +GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added 
+GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added +GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added +GNUTLS_SFLAGS_RFC7919: Added + + +* Version 3.5.7 (released 2016-12-8) + +** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128 + and SECURE256 priority strings. + +** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly + operate with OIDs which have elements that exceed 2^32. + +** libgnutls: The DN decoding functions output the traditional DN format + rather than the strict RFC4514 compliant textual DN. This reverts the + 3.5.6 introduced change, and allows applications which depended on the + previous format to continue to function. Introduced new functions which + output the strict format by default, and can revert to the old one using + a flag. + +** libgnutls: Improved TPM key handling. Check authorization requirements + prior to using a key and fix issue on loop for PIN input. Patches by + James Bottomley. + +** libgnutls: In all functions accepting UTF-8 passwords, ensure that + passwords are normalized according to RFC7613. When invalid UTF-8 + passwords are detected, they are only tolerated for decryption. + This introduces a libunistring dependency on GnuTLS. A version of + libunistring is included in the library for the platforms that do + not ship it; it can be used with the '--with-included-unistring' + option to configure script. + +** libgnutls: When setting a subject alternative name in a certificate + which is in UTF-8 format, it will transparently be converted to IDNA form + prior to storing. + +** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print() + will print the SHA256 key-ID instead of a certificate fingerprint. + +** libgnutls: enhance the PKCS#7 verification capabilities. In the case + signers that are not discoverable using the trust list or input, use + the stored list as pool to generate a trusted chain to the signer. 
+ +** libgnutls: Improved MTU calculation precision for the CBC ciphersuites + under DTLS. + +** libgnutls: [added missing news entry since 3.5.0] + No longer tolerate certificate key usage violations for + TLS signature verification, and decryption. That is GnuTLS will fail + to connect to servers which incorrectly use a restricted to signing certificate + for decryption, or vice-versa. This reverts the lax behavior introduced + in 3.1.0, due to several such broken servers being available. The %COMPAT + priority keyword can be used to work-around connecting on these servers. + +** certtool: When exporting a CRQ in DER format ensure no text data are + intermixed. Patch by Dmitry Eremin-Solenikov. + +** certtool: Include the SHA-256 variant of key ID in --certificate-info + options. + +** p11tool: Introduced the --initialize-pin and --initialize-so-pin + options. + +** API and ABI modifications: +gnutls_utf8_password_normalize: Added +gnutls_ocsp_resp_get_responder2: Added +gnutls_x509_crt_get_issuer_dn3: Added +gnutls_x509_crt_get_dn3: Added +gnutls_x509_rdn_get2: Added +gnutls_x509_dn_get_str2: Added +gnutls_x509_crl_get_issuer_dn3: Added +gnutls_x509_crq_get_dn3: Added + + +* Version 3.5.6 (released 2016-11-04) + +** libgnutls: Enhanced the PKCS#7 parser to allow decoding old + (pre-rfc5652) structures with arbitrary encapsulated content. + +** libgnutls: Introduced a function group to set known DH parameters + using groups from RFC7919. + +** libgnutls: Added more strict RFC4514 textual DN encoding and decoding. + Now the generated textual DN is in reverse order according to RFC4514, + and functions which generate a DN from strings such gnutls_x509_crt_set_*dn() + set the expected DN (reverse of the provided string). + +** libgnutls: Introduced time and constraints checks in the end certificate + in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() + functions. + +** libgnutls: Set limits on the maximum number of alerts handled. 
That is, + applications using gnutls could be tricked into an busy loop if the + peer sends continuously alert messages. Applications which set a maximum + handshake time (via gnutls_handshake_set_timeout) will eventually recover + but others may remain in a busy loops indefinitely. This is related but + not identical to CVE-2016-8610, due to the difference in alert handling + of the libraries (gnutls delegates that handling to applications). + +** libgnutls: Reverted the change which made the gnutls_certificate_set_*key* + functions return an index (introduced in 3.5.5), to avoid affecting programs + which explicitly check success of the function as equality to zero. In order + for these functions to return an index an explicit call to gnutls_certificate_set_flags + with the GNUTLS_CERTIFICATE_API_V2 flag is now required. + +** libgnutls: Reverted the behavior of sending a status request extension even + without a response (introduced in 3.5.5). That is, we no longer reply to a + client's hello with a status request, with a status request extension. Although + that behavior is legal, it creates incompatibility issues with releases in + the gnutls 3.3.x branch. + +** libgnutls: Delayed the initialization of the random generator at + the first call of gnutls_rnd(). This allows applications to load + on systems which getrandom() would block, without blocking until + real random data are needed. + +** certtool: --get-dh-params will output parameters from the RFC7919 + groups. + +** p11tool: improvements in --initialize option. 
+ +** API and ABI modifications: +GNUTLS_CERTIFICATE_API_V2: Added +GNUTLS_NO_TICKETS: Added +gnutls_pkcs7_get_embedded_data_oid: Added +gnutls_anon_set_server_known_dh_params: Added +gnutls_certificate_set_known_dh_params: Added +gnutls_psk_set_server_known_dh_params: Added +gnutls_x509_crt_check_key_purpose: Added + + +* Version 3.5.5 (released 2016-10-09) + +** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file() + to allow importing multiple OCSP request files, one for each chain + provided. + +** libgnutls: The gnutls_certificate_set_key* functions return an + index of the added chain. That index can be used either with + gnutls_certificate_set_ocsp_status_request_file(), or with + gnutls_certificate_get_crt_raw() and friends. + +** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations + for the aarch64 architecture. Uses Andy Polyakov's assembly code. + +** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key() + failures due to key mismatch. This prevents leaks or double freeing + on such failures. + +** libgnutls: Increased the maximum size of the handshake message hash. + This will allow the library to cope better with larger packets, as + the ones offered by current TLS 1.3 drafts. + +** libgnutls: Allow to use client certificates despite them containing + disallowed algorithms for a session. That allows for example a client + to use DSA-SHA1 due to his old DSA certificate, without requiring him + to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). + +** libgnutls: Reverted AESNI code on x86 to earlier version as the + latest version was creating position depending code. Added checks + in the CI to detect position depending code early. + +** guile: Update code to the I/O port API of Guile >= 2.1.4 + This makes sure the GnuTLS bindings will work with the forthcoming 2.2 + stable series of Guile, of which 2.1 is a preview. 
+ +** API and ABI modifications: +gnutls_certificate_set_ocsp_status_request_function2: Added +gnutls_session_ext_register: Added +gnutls_session_supplemental_register: Added +GNUTLS_E_PK_INVALID_PUBKEY: Added +GNUTLS_E_PK_INVALID_PRIVKEY: Added + + +* Version 3.5.4 (released 2016-09-08) + +** libgnutls: Corrected the comparison of the serial size in OCSP response. + Previously the OCSP certificate check wouldn't verify the serial length + and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). + Reported by Stefan Buehler. + +** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. + +** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This + is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. + +** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 + as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. + +** libgnutls: Added support for internationalized passwords in PKCS#12 files. + Previous versions would only encrypt or decrypt using passwords from the ASCII + set. + +** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA + keys. The signature is now written as unsigned integers into the DSASignatureValue + structure. Previously signed integers could be written depending on what + the underlying module would produce. Addresses #122. + +** gnutls-cli: Fixed starttls regression from 3.5.3. + +** API and ABI modifications: +GNUTLS_E_MALFORMED_CIDR: Added +gnutls_x509_cidr_to_rfc5280: Added +gnutls_oid_to_mac: Added + + +* Version 3.5.3 (released 2016-08-09) + +** libgnutls: Added support for TCP fast open (RFC7413), allowing + to reduce by one round-trip the handshake process. Based on proposal and + patch by Tim Ruehsen. + +** libgnutls: Adopted a simpler with less memory requirements DTLS sliding + window implementation. Based on Fridolin Pokorny's implementation for + AF_KTLS. 
+ +** libgnutls: Use getrandom where available via the syscall interface. + This works around an issue of not-using getrandom even if it exists + since glibc doesn't declare such function. + +** libgnutls: Fixed DNS name constraints checking in the case of empty + intersection of domain names in the chain. Report and fix by Martin Ukrop. + +** libgnutls: Fixed name constraints checking in the case of chains + where the higher level certificates contained different types of + constraints than the ones present in the lower intermediate CAs. + Report and fix by Martin Ukrop. + +** libgnutls: Dropped support for the EGD random generator. + +** libgnutls: Allow the decoding of raw elements (starting with #) + in RFC4514 DN string decoding. + +** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was + ignoring flags if all certificates in the list fit within the + initially allocated memory. Patch by Tim Kosse. + +** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() + to return invalid pointers when returned more than a single certificate. + Report and fix by Stefan Sørensen. + +** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain, + even when the extra_certs was non-null. Report and fix by Stefan Sørensen. + +** certtool: Added the "add_extension" and "add_critical_extension" + template options. This allows specifying arbitrary extensions into + certificates and certificate requests. + +** gnutls-cli: Added the --fastopen option. + +** API and ABI modifications: +GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added +gnutls_x509_crq_set_extension_by_oid: Added +gnutls_x509_dn_set_str: Added +gnutls_transport_set_fastopen: Added + + +* Version 3.5.2 (released 2016-07-06) + +** libgnutls: Address issue when utilizing the p11-kit trust store + for certificate verification (GNUTLS-SA-2016-2). + +** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by + Guillaume Roguez. 
+ +** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects + from SafeNet Network HSM. Reported by Anthony Alba in #108. + +** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report + and fix by Stanislav Židek. + +** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE + instructions. Uses Andy Polyakov's assembly code. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.5.1 (released 2016-06-14) + +** libgnutls: The SSL 3.0 protocol support can completely be removed + using a compile time option. The configure option is --disable-ssl3-support. + +** libgnutls: The SSL 2.0 client hello support can completely be removed + using a compile time option. The configure option is --disable-ssl2-support. + +** libgnutls: Added support for OCSP Must staple PKIX extension. That is, + implemented the RFC7633 TLSFeature for OCSP status request extension. + Feature implemented by Tim Kosse. + +** libgnutls: More strict OCSP staple verification. That is, no longer + ignore invalid or too old OCSP staples. The previous behavior was + to rely on application use gnutls_ocsp_status_request_is_checked(), + while the new behavior is to include OCSP verification by default + and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. + +** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key + purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This + improves interoperability with several old intermediate CA certificates + carrying these legacy OIDs. + +** libgnutls: Re-read the system wide priority file when needed. Patch by + Daniel P. Berrange. + +** libgnutls: Allow for fallback in system-specific initial keywords + (prefixed with '@'). That allows to specify a keyword such as + "@KEYWORD1,KEYWORD2" which will use the first available of these + two keywords. Patch by Daniel P. Berrange. 
+ +** libgnutls: The SSLKEYLOGFILE environment variable can be used to log + session keys. These session keys are compatible with the NSS Key Log + Format and can be used to decrypt the session for debugging using + wireshark. + +** API and ABI modifications: +GNUTLS_CERT_INVALID_OCSP_STATUS: Added +gnutls_x509_crt_set_crq_extension_by_oid: Added +gnutls_x509_ext_import_tlsfeatures: Added +gnutls_x509_ext_export_tlsfeatures: Added +gnutls_x509_tlsfeatures_add: Added +gnutls_x509_tlsfeatures_init: Added +gnutls_x509_tlsfeatures_deinit: Added +gnutls_x509_tlsfeatures_get: Added +gnutls_x509_crt_get_tlsfeatures: Added +gnutls_x509_crt_set_tlsfeatures: Added +gnutls_x509_crq_get_tlsfeatures: Added +gnutls_x509_crq_set_tlsfeatures: Added +gnutls_ext_get_name: Added + + +* Version 3.5.0 (released 2016-05-09) + +** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA, + based on https://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + +** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07). + This curve is disabled by default as it is still on specification status. It + can be enabled using the priority string modifier +CURVE-X25519. + +** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01) + by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73). + +** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable + RSA and DSA parameter generation from a seed. + +** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This + cipher is prioritized after AES-GCM. + +** libgnutls: On a rehandshake ensure that the certificate of the peer or + its username remains the same as in previous handshakes. That is to protect + applications which do not check user credentials on rehandshakes. The + threat to address depends on the application protocol. 
Primarily it + protects against applications which authenticate the peer initially and + perform accounting using the session's information, from being misled + by a rehandshake which switches the peer's identity. Applications can + disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in + gnutls_init(). + +** libgnutls: No longer tolerate certificate key usage violations for + TLS signature verification, and decryption. That is GnuTLS will fail + to connect to servers which incorrectly use a restricted to signing certificate + for decryption, or vice-versa. This reverts the lax behavior introduced + in 3.1.0, due to several such broken servers being available. The %COMPAT + priority keyword can be used to work-around connecting on these servers. + +** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate + parsing errors in the extensions field and treat it as a typical Hello + message structure. Reported by Hubert Kario (#40). + +** libgnutls: Old and unsupported version numbers in client hellos are + rejected with a "protocol_version" alert message. Reported by Hubert + Kario (#42). + +** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*() + functions, only on non-resumed sessions. This brings the API in par with + its usage (#79). + +** libgnutls: Follow RFC5280 strictly in name constraints computation. The + permitted subtrees is intersected with any previous values. Report and + patch by Daiki Ueno. + +** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on + session resumption. Reported by Hubert Kario (#69). + +** libgnutls: Consider the max-record TLS extension even when under DTLS. + Reported by Peter Dettman (#61). + +** libgnutls: Replaced writev() system call with sendmsg(). + +** libgnutls: Replaced select() system call with poll() on POSIX systems. + +** libgnutls: Preload the system priority file on library load. 
This allows + applications that chroot() to also use the system priorities. + +** libgnutls: Applications are allowed to override the built-in key and + certificate URLs. + +** libgnutls: The gnutls.h header marks constant and pure functions explictly. + +** certtool: Added the ability to sign certificates using SHA3. + +** certtool: Added the --provable and --verify-allow-broken options. + +** gnutls-cli: The --dane option will cause verification failure if gnutls is not + compiled with DANE support. + +** crywrap: The tool was unbundled from gnutls' distribution. It can be found at + https://github.com/nmav/crywrap + +** guile: .go files are now built and installed + +** guile: Fix compatibility issue of the test suite with Guile 2.1 + +** guile: When --with-guile-site-dir is passed, modules are installed in a + versioned directory, typically $(datadir)/guile/site/2.0 + +** guile: Tests no longer leave zombie processes behind + +** API and ABI modifications: +GNUTLS_FORCE_CLIENT_CERT: Added +GNUTLS_ENABLE_FALSE_START: Added +GNUTLS_INDEFINITE_TIMEOUT: Added +GNUTLS_ALPN_SERVER_PRECEDENCE: Added +GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added +GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added +gnutls_check_version_numeric: Added +gnutls_x509_crt_equals: Added +gnutls_x509_crt_equals2: Added +gnutls_x509_crt_set_subject_alt_othername: Added +gnutls_x509_crt_set_issuer_alt_othername: Added +gnutls_x509_crt_get_signature_oid: Added +gnutls_x509_crt_get_pk_oid: Added +gnutls_x509_crq_set_subject_alt_othername: Added +gnutls_x509_crq_get_pk_oid: Added +gnutls_x509_crq_get_signature_oid: Added +gnutls_x509_crl_get_signature_oid: Added +gnutls_x509_privkey_generate2: Added +gnutls_x509_privkey_get_seed: Added +gnutls_x509_privkey_verify_seed: Added +gnutls_privkey_generate2: Added +gnutls_privkey_get_seed: Added +gnutls_privkey_verify_seed: Added +gnutls_decode_ber_digest_info: Added +gnutls_encode_ber_digest_info: Added +gnutls_dh_params_import_dsa: Added 
+gnutls_session_get_master_secret: Added + + +* Version 3.4.3 (released 2015-07-12) + +** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for + dates prior to 2050. + +** libgnutls: Force 16-byte alignment to all input to ciphers (previously it + was done only when cryptodev was enabled). + +** libgnutls: Removed support for pthread_atfork() as it has undefined + semantics when used with dlopen(), and may lead to a crash. + +** libgnutls: corrected failure when importing plain files + with gnutls_x509_privkey_import2(), and a password was provided. + +** libgnutls: Don't reject certificates if a CA has the URI or IP address + name constraints, and the end certificate doesn't have an IP address + name or a URI set. + +** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. + +** p11tool: Added --list-token-urls option, and print the token module name + in list-tokens. + +** API and ABI modifications: +gnutls_ecc_curve_get_oid: Added +gnutls_digest_get_oid: Added +gnutls_pk_get_oid: Added +gnutls_sign_get_oid: Added +gnutls_ecc_curve_get_id: Added +gnutls_oid_to_digest: Added +gnutls_oid_to_pk: Added +gnutls_oid_to_sign: Added +gnutls_oid_to_ecc_curve: Added +gnutls_pkcs7_get_signature_count: Added + + +* Version 3.4.2 (released 2015-06-16) + +** libgnutls: DTLS blocking API is more robust against infinite blocking, +and will notify of more possible timeouts. + +** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported +by Manuel Pegourie-Gonnard. + +** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That +allows to disable SIGPIPE for writes done within gnutls. + +** libgnutls: Enhanced the PKCS #7 API to allow signing and verification +of structures. API moved to gnutls/pkcs7.h header. + +** certtool: Added options to generate PKCS #7 bundles and signed +structures. 
+ +** API and ABI modifications: +gnutls_x509_dn_get_str: Added +gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added +gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added +gnutls_x509_crt_verify_data2: Added +gnutls_pkcs7_get_crt_raw2: Added +gnutls_pkcs7_signature_info_deinit: Added +gnutls_pkcs7_get_signature_info: Added +gnutls_pkcs7_verify_direct: Added +gnutls_pkcs7_verify: Added +gnutls_pkcs7_get_crl_raw2: Added +gnutls_pkcs7_sign: Added +gnutls_pkcs7_attrs_deinit: Added +gnutls_pkcs7_add_attr: Added +gnutls_pkcs7_get_attr: Added +gnutls_pkcs7_print: Added + + +* Version 3.4.1 (released 2015-05-03) + +** libgnutls: gnutls_certificate_get_ours: will return the certificate even +if a callback was used to send it. + +** libgnutls: Check for invalid length in the X.509 version field. Without +the check certificates with invalid length would be detected as having an +arbitrary version. Reported by Hanno Böck. + +** libgnutls: Handle DNS name constraints with a leading dot. Patch by +Fotis Loukos. + +** libgnutls: Updated system-keys support for windows to compile in more +versions of mingw. Patch by Tim Kosse. + +** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by +Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. + +** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout +by default. That caused issues with non-blocking programs. + +** certtool: It can generate SHA256 key IDs. + +** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. + +** configure: re-enabled the --enable-local-libopts flag + +** API and ABI modifications: +gnutls_x509_crt_get_pk_ecc_raw: Added + + +* Version 3.4.0 (released 2015-04-08) + +** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) +ciphersuites. The former are enabled by default, the latter need to be +explicitly enabled, since they reduce the overall security level. 
+ +** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following +draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. +That is currently provided as technology preview and is not enabled by +default, since there are no assigned ciphersuite points by IETF and there +is no guarrantee of compatibility between draft versions. The ciphersuite +priority string to enable it is "+CHACHA20-POLY1305". + +** libgnutls: Added support for encrypt-then-authenticate in CBC +ciphersuites (RFC7366 -taking into account its errata text). This is +enabled by default and can be disabled using the %NO_ETM priority +string. + +** libgnutls: Added support for the extended master secret +(triple-handshake fix) following draft-ietf-tls-session-hash-02. + +** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). + +** libgnutls: SSL 3.0 is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+VERS-SSL3.0". + +** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+ARCFOUR-128". + +** libgnutls: DSA signatures and DHE-DSS are no longer included in the +default priorities list. They have to be explicitly enabled, e.g., with +a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The +DSA ciphersuites were dropped because they had no deployment at all +on the internet, to justify their inclusion. + +** libgnutls: The priority string EXPORT was completely removed. The string +was already defunc as support for the EXPORT ciphersuites was removed in +GnuTLS 3.2.0. + +** libgnutls: Added API to utilize system specific private keys in +"gnutls/system-keys.h". It is currently provided as technology preview +and is restricted to windows CNG keys. + +** libgnutls: gnutls_x509_crt_check_hostname() and friends will use +RFC6125 comparison of hostnames. 
That introduces a dependency on libidn. + +** libgnutls: Depend on p11-kit 0.23.1 to comply with the final +PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). + +** libgnutls: Depend on nettle 3.1. + +** libgnutls: Use getrandom() or getentropy() when available. That +avoids the complexity of file descriptor handling and issues with +applications closing all open file descriptors on startup. + +** libgnutls: Use pthread_atfork() to detect fork when available. + +** libgnutls: If a key purpose (extended key usage) is specified for verification, +it is applied into intermediate certificates. The verification result +GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. + +** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in +combination with PKCS #11, or TPM URLs, it will utilize the provided +password as PIN if required. That removes the requirement for the +application to set a callback for PINs in that case. + +** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are +restricted to the corresponding protocols only, and the VERS-ALL +string is introduced to catch all possible protocols. + +** libgnutls: Added helper functions to obtain information on PKCS #8 +structures. + +** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t +will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. + +** libgnutls: Added functions to export and set the record state. That +allows for gnutls_record_send() and recv() to be offloaded (to kernel, +hardware or any other subsystem). + +** libgnutls: Added the ability to register application specific URL +types, which express certificates and keys using gnutls_register_custom_url(). + +** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., +to override AES-GCM using a system-specific accelerator. 
That is, (crypto.h) +gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), +gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). + +** libgnutls: Added gnutls_ext_register() to register custom extensions. +Contributed by Thierry Quemerais. + +** libgnutls: Added gnutls_supplemental_register() to register custom +supplemental data handshake messages. Contributed by Thierry Quemerais. + +** libgnutls-openssl: it is no longer built by default. + + +** certtool: Added --p8-info option, which will print PKCS #8 information +even if the password is not available. + +** certtool: --key-info option will print PKCS #8 encryption information +when available. + +** certtool: Added the --key-id and --fingerprint options. + +** certtool: Added the --verify-hostname, --verify-email and --verify-purpose +options to be used in certificate chain verification, to simulate verification +for specific hostname and key purpose (extended key usage). + +** certtool: --p12-info option will print PKCS #12 MAC and cipher information +when available. + +** certtool: it will print the A-label (ACE) names in addition to UTF-8. + +** p11tool: added options --set-id and --set-label. + +** gnutls-cli: added options --priority-list and --save-cert. + +** guile: Deprecated priority API has been removed. The old priority API, +which had been deprecated for some time, is now gone; use 'set-session-priorities!' +instead. + +** guile: Remove RSA parameters and related procedures. This API had been +deprecated. + +** guile: Fix compilation on MinGW. Previously only the static version of the +'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. 
+ +** API and ABI modifications: +gnutls_record_get_state: Added +gnutls_record_set_state: Added +gnutls_aead_cipher_init: Added +gnutls_aead_cipher_decrypt: Added +gnutls_aead_cipher_encrypt: Added +gnutls_aead_cipher_deinit: Added +gnutls_pkcs12_generate_mac2: Added +gnutls_pkcs12_mac_info: Added +gnutls_pkcs12_bag_enc_info: Added +gnutls_pkcs8_info: Added +gnutls_pkcs_schema_get_name: Added +gnutls_pkcs_schema_get_oid: Added +gnutls_pcert_export_x509: Added +gnutls_pcert_export_openpgp: Added +gnutls_pcert_import_x509_list: Added +gnutls_pkcs11_privkey_cpy: Added +gnutls_x509_crq_get_signature_algorithm: Added +gnutls_x509_trust_list_iter_get_ca: Added +gnutls_x509_trust_list_iter_deinit: Added +gnutls_x509_trust_list_get_issuer_by_dn: Added +gnutls_pkcs11_get_raw_issuer_by_dn: Added +gnutls_certificate_get_trust_list: Added +gnutls_privkey_export_x509: Added +gnutls_privkey_export_pkcs11: Added +gnutls_privkey_export_openpgp: Added +gnutls_privkey_import_ext3: Added +gnutls_certificate_get_x509_key: Added +gnutls_certificate_get_x509_crt: Added +gnutls_certificate_get_openpgp_key: Added +gnutls_certificate_get_openpgp_crt: Added +gnutls_record_discard_queued: Added +gnutls_session_ext_master_secret_status: Added +gnutls_priority_string_list: Added +gnutls_dh_params_import_raw2: Added +gnutls_memset: Added +gnutls_memcmp: Added +gnutls_pkcs12_bag_set_privkey: Added +gnutls_ocsp_resp_get_responder_raw_id: Added +gnutls_system_key_iter_deinit: Added +gnutls_system_key_iter_get_info: Added +gnutls_system_key_delete: Added +gnutls_system_key_add_x509: Added +gnutls_system_recv_timeout: Added +gnutls_register_custom_url: Added +gnutls_pkcs11_obj_list_import_url3: Added +gnutls_pkcs11_obj_list_import_url4: Added +gnutls_pkcs11_obj_set_info: Added +gnutls_crypto_register_cipher: Added +gnutls_crypto_register_aead_cipher: Added +gnutls_crypto_register_mac: Added +gnutls_crypto_register_digest: Added +gnutls_ext_register: Added +gnutls_supplemental_register: Added 
+gnutls_supplemental_recv: Added +gnutls_supplemental_send: Added +gnutls_openpgp_crt_check_email: Added +gnutls_x509_crt_check_email: Added +gnutls_handshake_set_hook_function: Modified +gnutls_pkcs11_privkey_generate3: Added +gnutls_pkcs11_copy_x509_crt2: Added +gnutls_pkcs11_copy_x509_privkey2: Added +gnutls_pkcs11_obj_list_import_url: Removed +gnutls_pkcs11_obj_list_import_url2: Removed +gnutls_certificate_client_set_retrieve_function: Removed +gnutls_certificate_server_set_retrieve_function: Removed +gnutls_certificate_set_rsa_export_params: Removed +gnutls_certificate_type_set_priority: Removed +gnutls_cipher_set_priority: Removed +gnutls_compression_set_priority: Removed +gnutls_kx_set_priority: Removed +gnutls_mac_set_priority: Removed +gnutls_protocol_set_priority: Removed +gnutls_rsa_export_get_modulus_bits: Removed +gnutls_rsa_export_get_pubkey: Removed +gnutls_rsa_params_cpy: Removed +gnutls_rsa_params_deinit: Removed +gnutls_rsa_params_export_pkcs1: Removed +gnutls_rsa_params_export_raw: Removed +gnutls_rsa_params_generate2: Removed +gnutls_rsa_params_import_pkcs1: Removed +gnutls_rsa_params_import_raw: Removed +gnutls_rsa_params_init: Removed +gnutls_sign_callback_get: Removed +gnutls_sign_callback_set: Removed +gnutls_x509_crt_verify_data: Removed +gnutls_x509_crt_verify_hash: Removed +gnutls_pubkey_get_verify_algorithm: Removed +gnutls_x509_crt_get_verify_algorithm: Removed +gnutls_pubkey_verify_hash: Removed +gnutls_pubkey_verify_data: Removed +gnutls_record_set_max_empty_records: Removed + +guile: +set-session-cipher-priority!: Removed +set-session-mac-priority!: Removed +set-session-compression-method-priority!: Removed +set-session-kx-priority!: Removed +set-session-protocol-priority!: Removed +set-session-certificate-type-priority!: Removed +set-session-default-priority!: Removed +set-session-default-export-priority!: Removed +make-rsa-parameters: Removed +rsa-parameters?: Removed +set-certificate-credentials-rsa-export-parameters!: Removed 
+pkcs1-import-rsa-parameters: Removed +pkcs1-export-rsa-parameters: Removed + + + +* Version 3.3.6 (released 2014-07-23) + +** libgnutls: Use inet_ntop to print IP addresses when available + +** libgnutls: gnutls_x509_crt_check_hostname and friends will also check +IP addresses, and match documented behavior. Reported by David Woodhouse. + +** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 +bit parameters. + +** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens +being usable after a reinitialization. + +** libgnutls: fixed PKCS #11 private key operations after a fork. + +** libgnutls: fixed PKCS #11 ECDSA key generation. + +** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to +explicitly enable/disable the use of certain CPU capabilities. Note that CPU +detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel +CPU. The currently available options are: + 0x1: Disable all run-time detected optimizations + 0x2: Enable AES-NI + 0x4: Enable SSSE3 + 0x8: Enable PCLMUL + 0x100000: Enable VIA padlock + 0x200000: Enable VIA PHE + 0x400000: Enable VIA PHE SHA512 + +** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. + +** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. + +** p11tool: ask for label when one isn't provided. + +** p11tool: added --batch parameter to disable any interactivity. + +** p11tool: will not implicitly enable so-login for certain types of +objects. That avoids issues with tokens that require different login +types. + +** certtool/p11tool: Added the --curve parameter which allows to explicitly +specify the curve to use. + +** API and ABI modifications: +gnutls_certificate_set_x509_trust_dir: Added +gnutls_x509_trust_list_add_trust_dir: Added + + +* Version 3.3.5 (released 2014-06-26) + +** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). 
+These functions provide a variant of gnutls_record_recv() that avoids +the final memcpy of data. + +** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a +faster variant of gnutls_x509_crl_get_crt_serial() when coping with +very large structures. + +** libgnutls: When the decoding of a printable DN element fails, then treat +it as unknown and print its hex value rather than failing. That works around +an issue in a TURKTRST root certificate which improperly encodes the +X520countryName element. + +** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number +of certificates present in a PKCS #11 token when loading it. + +** libgnutls: Allow the post client hello callback to put the handshake on +hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. + +** certtool: option --to-p12 will now consider --load-ca-certificate + +** certtol: Added option to specify the PKCS #12 friendly name on command +line. + +** p11tool: Allow marking a certificate copied to a token as a CA. + +** API and ABI modifications: +GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added +gnutls_x509_crl_iter_deinit: Added +gnutls_x509_crl_iter_crt_serial: Added +gnutls_record_recv_packet: Added +gnutls_packet_deinit: Added +gnutls_packet_get: Added + + +* Version 3.3.4 (released 2014-05-31) + +** libgnutls: Updated Andy Polyakov's assembly code. That prevents a +crash on certain CPUs. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.3 (released 2014-05-30) + +** libgnutls: Eliminated memory corruption issue in Server Hello parsing. +Issue reported by Joonas Kuorilehto of Codenomicon. + +** libgnutls: gnutls_global_set_mutex() was modified to operate with the +new initialization process. + +** libgnutls: Increased the maximum certificate size buffer +in the PKCS #11 subsystem. + +** libgnutls: Check the return code of getpwuid_r() instead of relying +on the result value. 
That avoids issue in certain systems, when using +tofu authentication and the home path cannot be determined. Issue reported +by Viktor Dukhovni. + +** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to +create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 + +** gnutls-cli: --dane will only check the end certificate if PKIX validation +has been disabled. + +** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot +be emulated with the implicit initialization of gnutls. + +** certtool: Allow multiple organizations and organizational unit names to +be specified in a template. + +** certtool: Warn when invalid configuration options are set to a template. + +** ocsptool: Include path in ocsp request. This resolves #108582 +(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +** API and ABI modifications: +gnutls_credentials_get: Added + + +* Version 3.3.2 (released 2014-05-06) + +** libgnutls: Added the 'very weak' certificate verification profile +that corresponds to 64-bit security level. + +** libgnutls: Corrected file descriptor leak on random generator +initialization. + +** libgnutls: Corrected file descriptor leak on PSK password file +reading. Issue identified using the Codenomicon TLS test suite. + +** libgnutls: Avoid deinitialization if initialization has failed. + +** libgnutls: null-terminate othername alternative names. + +** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly +on a PKCS #11 trust list. + +** libgnutls: Several small bug fixes identified using valgrind and +the Codenomicon TLS test suite. + +** libgnutls-dane: Accept a certificate using DANE if there is at least one +entry that matches the certificate. Patch by simon [at] arlott.org. + +** libgnutls-guile: Fixed compilation issue. + +** certtool: Allow exporting a CRL on DER format. 
+ +** certtool: The ECDSA keys generated by default use the SECP256R1 curve +which is supported more widely than the previously used SECP224R1. + +** API and ABI modifications: +GNUTLS_PROFILE_VERY_WEAK: Added + + +* Version 3.3.1 (released 2014-04-19) + +** libgnutls: Enforce more strict checks to heartbeat messages +concerning padding and payload. Suggested by Peter Dettman. + +** libgnutls: Allow decoding PKCS #8 files with ECC parameters +from openssl. + +** libgnutls: Several small bug fixes found by coverity. + +** libgnutls: The conditionally available self-test functions +were moved to self-test.h. + +** libgnutls: Fixed issue with the check of incoming data when two +different recv and send pointers have been specified. Reported and +investigated by JMRecio. + +** libgnutls: Fixed issue in the RSA-PSK key exchange, which would +result to illegal memory access if a server hint was provided. Reported +by André Klitzing. + +** libgnutls: Fixed client memory leak in the PSK key exchange, if a +server hint was provided. + +** libgnutls: Corrected the *get_*_othername_oid() functions. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.0 (released 2014-04-10) + +** libgnutls: The initialization of the library was moved to a +constructor. That is, gnutls_global_init() is no longer required +unless linking with a static library or a system that does not +support library constructors. + +** libgnutls: static libraries are not built by default. + +** libgnutls: PKCS #11 initialization is delayed to first usage. +That avoids long delays in gnutls initialization due to broken PKCS #11 +modules. + +** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" +on the first PKCS #11 API call after a fork. + +** libgnutls: certificate verification profiles were introduced +that can be specified as flags to verification functions. 
They +are enumerations in gnutls_certificate_verification_profiles_t +and can be converted to flags for use in a verification function +using GNUTLS_PROFILE_TO_VFLAGS(). + +** libgnutls: Added the ability to read system-specific initial +keywords, if they are prefixed with '@'. That allows a compile-time +specified configuration file to be used to read pre-configured priority +strings from. That can be used to impose system specific policies. + +** libgnutls: Increased the default security level of priority +strings (NORMAL and PFS strings require at minimum a 1008 DH prime), +and set a verification profile by default. The LEGACY keyword is +introduced to set the old defaults. + +** libgnutls: Added support for the name constraints PKIX extension. +Currently only DNS names and e-mails are supported (no URIs, IPs +or DNs). + +** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to +SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. + +** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. +This API handles the X.509 extensions in isolation, allowing to parse +similarly formatted extensions stored in other structures. + +** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS +can be used to specify a particular subgroup as the number of bits in +gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). + +** libgnutls: DH parameter generation is now delegated to nettle. +That unfortunately has the side-effect that DH parameters longer than +3072 bits, cannot be generated (not without a nettle update). + +** libgnutls: Separated nonce RNG from the main RNG. The nonce +random number generator is based on salsa20/12. + +** libgnutls: The buffer alignment provided to crypto backend is +enforced to be 16-byte aligned, when compiled with cryptodev +support. That allows certain cryptodev drivers to operate more +efficiently. 
+ +** libgnutls: Return error when a public/private key pair that doesn't +match is set into a credentials structure. + +** libgnutls: Depend on p11-kit 0.20.0 or later. + +** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has +been removed. It was not approved by IETF. + +** libgnutls: The experimental xssl library is removed from the gnutls +distribution. + +** libgnutls: Reduced the number of gnulib modules used in the main library. + +** libgnutls: Added priority string %DISABLE_WILDCARDS. + +** libgnutls: Added the more extensible verification function +gnutls_certificate_verify_peers(), that allows checking, in addition +to a peer's DNS hostname, for the key purpose of the end certificate +(via PKIX extended key usage). + +** certtool: Timestamps for serial numbers were increased to 8 bytes, +and in batch mode to 12 (appended with 4 random bytes). + +** certtool: When no CRL number is provided (or value set to -1), then +a time-based number will be used, similarly to the serial generation +number in certificates. + +** certtool: Print the SHA256 fingerprint of a certificate in addition +to SHA1. + +** libgnutls: Added --enable-fips140-mode configuration option (unsupported). +That option enables (when running on FIPS140-enabled system): + o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) + o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. + o Self-tests on initialization on ciphers/MACs, public key algorithms + and the random generator. + o HMAC-SHA256 verification of the library on load. + o MD5 is included for TLS purposes but cannot be used by the high level + hashing functions. + o All ciphers except AES are disabled. + o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). + o All keys (temporal and long term) are zeroized after use. + o Security levels are adjusted to the FIPS140-2 recommendations (rather + than ECRYPT). 
+ +** API and ABI modifications: +GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added +gnutls_certificate_verify_peers: Added +gnutls_privkey_generate: Added +gnutls_pkcs11_crt_is_known: Added +gnutls_fips140_mode_enabled: Added +gnutls_sec_param_to_symmetric_bits: Added +gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) +gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) +gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) +gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) +gnutls_pubkey_verify_params: Added +gnutls_privkey_export_ecc_raw: Added +gnutls_privkey_export_dsa_raw: Added +gnutls_privkey_export_rsa_raw: Added +gnutls_privkey_import_ecc_raw: Added +gnutls_privkey_import_dsa_raw: Added +gnutls_privkey_import_rsa_raw: Added +gnutls_privkey_verify_params: Added +gnutls_x509_crt_check_hostname2: Added +gnutls_openpgp_crt_check_hostname2: Added +gnutls_x509_name_constraints_init: Added +gnutls_x509_name_constraints_deinit: Added +gnutls_x509_crt_get_name_constraints: Added +gnutls_x509_name_constraints_add_permitted: Added +gnutls_x509_name_constraints_add_excluded: Added +gnutls_x509_crt_set_name_constraints: Added +gnutls_x509_name_constraints_get_permitted: Added +gnutls_x509_name_constraints_get_excluded: Added +gnutls_x509_name_constraints_check: Added +gnutls_x509_name_constraints_check_crt: Added +gnutls_x509_crl_get_extension_data2: Added +gnutls_x509_crt_get_extension_data2: Added +gnutls_x509_crq_get_extension_data2: Added +gnutls_subject_alt_names_init: Added +gnutls_subject_alt_names_deinit: Added +gnutls_subject_alt_names_get: Added +gnutls_subject_alt_names_set: Added +gnutls_x509_ext_import_subject_alt_names: Added +gnutls_x509_ext_export_subject_alt_names: Added +gnutls_x509_crl_dist_points_init: Added +gnutls_x509_crl_dist_points_deinit: Added +gnutls_x509_crl_dist_points_get: Added +gnutls_x509_crl_dist_points_set: Added 
+gnutls_x509_ext_import_crl_dist_points: Added +gnutls_x509_ext_export_crl_dist_points: Added +gnutls_x509_ext_import_name_constraints: Added +gnutls_x509_ext_export_name_constraints: Added +gnutls_x509_aia_init: Added +gnutls_x509_aia_deinit: Added +gnutls_x509_aia_get: Added +gnutls_x509_aia_set: Added +gnutls_x509_ext_import_aia: Added +gnutls_x509_ext_export_aia: Added +gnutls_x509_ext_import_subject_key_id: Added +gnutls_x509_ext_export_subject_key_id: Added +gnutls_x509_ext_export_authority_key_id: Added +gnutls_x509_ext_import_authority_key_id: Added +gnutls_x509_aki_init: Added +gnutls_x509_aki_get_id: Added +gnutls_x509_aki_get_cert_issuer: Added +gnutls_x509_aki_set_id: Added +gnutls_x509_aki_set_cert_issuer: Added +gnutls_x509_aki_deinit: Added +gnutls_x509_ext_import_private_key_usage_period: Added +gnutls_x509_ext_export_private_key_usage_period: Added +gnutls_x509_ext_import_basic_constraints: Added +gnutls_x509_ext_export_basic_constraints: Added +gnutls_x509_ext_import_key_usage: Added +gnutls_x509_ext_export_key_usage: Added +gnutls_x509_ext_import_proxy: Added +gnutls_x509_ext_export_proxy: Added +gnutls_x509_policies_init: Added +gnutls_x509_policies_deinit: Added +gnutls_x509_policies_get: Added +gnutls_x509_policies_set: Added +gnutls_x509_ext_import_policies: Added +gnutls_x509_ext_export_policies: Added +gnutls_x509_key_purpose_init: Added +gnutls_x509_key_purpose_deinit: Added +gnutls_x509_key_purpose_set: Added +gnutls_x509_key_purpose_get: Added +gnutls_x509_ext_import_key_purposes: Added +gnutls_x509_ext_export_key_purposes: Added +gnutls_digest_self_test: Added (conditionally) +gnutls_mac_self_test: Added (conditionally) +gnutls_pk_self_test: Added (conditionally) +gnutls_cipher_self_test: Added (conditionally) +gnutls_global_set_mem_functions: Deprecated + + +* Version 3.2.6 (released 2013-10-31) + +** libgnutls: Support for TPM via trousers is now enabled by default. 
+ +** libgnutls: Camellia in GCM mode has been added in default priorities, and +GCM mode is prioritized over CBC in all of the default priority strings. + +** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384. + +** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, +GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. +Reported by Stefan Buehler. + +** libgnutls: Added support for ISO OID for RSA-SHA1 signatures. + +** libgnutls: Minimum acceptable DH group parameters were increased to 767 +bits from 727. + +** libgnutls: Added function to obtain random data from PKCS #11 tokens. +Contributed by Wolfgang Meyer zu Bergsten. + +** gnulib: updated. + +** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the +previous fix. Reported by Tomas Mraz. + +** p11tool: Added option generate-random. + +** API and ABI modifications: +gnutls_pkcs11_token_get_random: Added + + +* Version 3.2.5 (released 2013-10-23) + +** libgnutls: Documentation and build-time fixes. + +** libgnutls: Allow the generation of DH groups of less than 700 bits. + +** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC, +as well as Camellia with GCM. + +** libdane: Added interfaces to allow initialization of dane_query_t from +external DNS resolutions, and to allow direct verification of a certificate +chain against a dane_query_t. Contributed by Christian Grothoff. + +** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be +triggered by a DNS server supplying more than 4 DANE records. Report and fix +by Christian Grothoff. + +** srptool: Fixed index command line option. Patch by Attila Molnar. + +** gnutls-cli: Added support for inline commands, using the +--inline-commands-prefix and --inline-commands options. Patch by Raj Raman. + +** certtool: pathlen constraint is now read correctly. Reported by +Christoph Seitz. 
+ +** API and ABI modifications: +gnutls_certificate_get_crt_raw: Added +dane_verify_crt_raw: Added +dane_raw_tlsa: Added + + +* Version 3.2.4 (released 2013-08-31) + +** libgnutls: Fixes when session tickets and session DB are used. +Report and initial patch by Stefan Buehler. + +** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner, +based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH. + +** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch +by Stefan Buehler. + +** libgnutls: Added the PFS priority string option. + +** libgnutls: Gnulib included files are strictly LGPLv2. + +** libgnutls: Corrected gnutls_certificate_server_set_request(). +Reported by Petr Pisar. + +** API and ABI modifications: +gnutls_record_set_timeout: Exported + + +* Version 3.2.3 (released 2013-07-30) + +** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler. + +** libgnutls: Solve issue with received TLS packets that exceed 2^14. +(this fixes a bug that was accidentally introduced in 3.2.2) + +** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be +used by the library. + +** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by +Alfredo Pironti. + +** API and ABI modifications: +gnutls_priority_kx_list: Added +gnutls_priority_mac_list: Added +gnutls_priority_cipher_list: Added + + +* Version 3.2.2 (released 2013-07-14) + +** libgnutls: Several optimizations in the related to packet processing +subsystems. + +** libgnutls: DTLS replay detection can now be disabled (to be used +in certain transport layers like SCTP). + +** libgnutls: Fixes in SRTP extension generation when MKI is being +used. + +** libgnutls: Added ability to set hooks before or after sending or receiving +any handshake message with gnutls_handshake_set_hook_function(). 
+ +** API and ABI modifications: +GNUTLS_NO_REPLAY_PROTECTION: Added +gnutls_certificate_set_trust_list: Added +gnutls_cipher_get_tag_size: Added +gnutls_record_overhead_size: Added +gnutls_est_record_overhead_size: Added +gnutls_handshake_set_hook_function: Added +gnutls_handshake_description_get_name: Added +gnutls_digest_list: Added +gnutls_digest_get_id: Added +gnutls_digest_get_name: Added + + +* Version 3.2.1 (released 2013-06-01) + +** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain +openssl versions. + +** libgnutls: Fixes in interrupted function resumption. Report +and patch by Tim Kosse. + +** libgnutls: Corrected issue when receiving client hello verify requests +in DTLS. + +** libgnutls: Fixes in DTLS record overhead size calculations. + +** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported +by Mann Ern Kang. + +** API and ABI modifications: +gnutls_session_set_id: Added + + +* Version 3.2.0 (released 2013-05-10) + +** libgnutls: Use nettle's elliptic curve implementation. + +** libgnutls: Added Salsa20 cipher + +** libgnutls: Added UMAC-96 and UMAC-128 + +** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. +As they are not standardized they are defined using private ciphersuite +numbers. + +** libgnutls: Added support for DTLS 1.2. + +** libgnutls: Added support for the Application Layer Protocol Negotiation +(ALPN) extension. + +** libgnutls: Removed support for the RSA-EXPORT ciphersuites. + +** libgnutls: Avoid linking to librt (that also avoids unnecessary +linking to pthreads if p11-kit isn't used). + +** API and ABI modifications: +gnutls_cipher_get_iv_size: Added +gnutls_hmac_set_nonce: Added +gnutls_mac_get_nonce_size: Added + + +* Version 3.1.10 (released 2013-03-22) + +** certtool: When generating PKCS #12 files use by default the +ARCFOUR (RC4) cipher to be compatible with devices that don't +support AES with PKCS #12. + +** libgnutls: Load CA certificates in android 4.x systems. 
+ +** libgnutls: Optimized CA certificate loading. + +** libgnutls: Private keys are overwritten on deinitialization. + +** libgnutls: PKCS #11 slots are scanned only when needed, not +on initialization. This speeds up gnutls initialization when smart +cards are present. + +** libgnutls: Corrected issue in the (deprecated) external key +signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. + +** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by +Joke de Buhr. + +** libgnutls-dane: Updated DANE verification options. + +** configure: Trust store file must be explicitly set or unset when +cross compiling. + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_dn2: Added +gnutls_x509_crt_get_dn2: Added +gnutls_x509_crl_get_issuer_dn2: Added +gnutls_x509_crq_get_dn2: Added +gnutls_x509_trust_list_remove_trust_mem: Added +gnutls_x509_trust_list_remove_trust_file: Added +gnutls_x509_trust_list_remove_cas: Added +gnutls_session_get_desc: Added +gnutls_privkey_sign_raw_data: Added +gnutls_privkey_status: Added + + +* Version 3.1.9 (released 2013-02-27) + +** certtool: Option --to-p12 will now ask for a password to generate +a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. + +** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). + +** libgnutls: Corrected parsing issue in XMPP within a subject +alternative name. Reported by James Cloos. + +** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 +modules, and not only the ones loaded via p11-kit. + +** libgnutls: Added function to check whether the private key is +still available (inserted). + +** libgnutls: Try to detect fork even during nonce generation. 
+ +** API and ABI modifications: +gnutls_handshake_set_random: Added +gnutls_transport_set_int2: Added +gnutls_transport_get_int2: Added +gnutls_transport_get_int: Added +gnutls_record_cork: Exported +gnutls_record_uncork: Exported +gnutls_pkcs11_privkey_status: Added + + +* Version 3.1.8 (released 2013-02-10) + +** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return +GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation +with encrypted keys. Reported by Yan Fiz. + +** libgnutls: The minimum DH bits accepted by priorities NORMAL and +PERFORMANCE was set to previous defaults 727 bits. Reported by Diego +Elio Petteno. + +** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() +to operate with long keys. Reported by Erik A Jensen. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.7 (released 2013-02-04) + +** certtool: Added option "dn" which allows to directly set the DN +in a template from an RFC4514 string. + +** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. + +** libgnutls-xssl: Added a new library to simplify GnuTLS usage. + +** libgnutls-dane: Added function to specify a DLV file. + +** libgnutls: Heartbeat code was made optional. + +** libgnutls: Fixes in server side of DTLS-0.9. + +** libgnutls: DN variable 'T' was expanded to 'title'. + +** libgnutls: Fixes in record padding parsing to prevent a timing attack. +Issue reported by Kenny Paterson and Nadhem Alfardan. + +** libgnutls: Added functions to directly set the DN in a certificate +or request from an RFC4514 string. + +** libgnutls: Optimizations in the random generator. The re-seeding of +it is now explicitly done on every session deinit. + +** libgnutls: Simplified the DTLS sliding window implementation. + +** libgnutls: The minimum DH bits accepted by a client are now set +by the specified priority string. 
The current values correspond to the +previous defaults (727 bits), except for the SECURE128 and SECURE192 +strings which increase the minimum to 1248 and 1776 respectively. + +** libgnutls: Added the gnutls_record_cork() and uncork API to enable +buffering in sending application data. + +** libgnutls: Removed default random padding, and added a length-hiding interface +instead. Both the server and the client must support this extension. Whether +length-hiding can be used on a given session can be checked using +gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. + +** libgnutls: Added the experimental %NEW_PADDING priority string. It enables +a new padding mechanism in TLS allowing arbitrary padding in TLS records +in all ciphersuites, which makes length-hiding more efficient and solves +the issues with timing attacks on CBC ciphersuites. + +** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD +ciphers (i.e., AES-GCM). Reported by William McGovern. + +** API and ABI modifications: +gnutls_db_check_entry_time: Added +gnutls_record_set_timeout: Added +gnutls_record_get_random_padding_status: Added +gnutls_x509_crt_set_dn: Added +gnutls_x509_crt_set_issuer_dn: Added +gnutls_x509_crq_set_dn: Added +gnutls_range_split: Added +gnutls_record_send_range: Added +gnutls_record_set_max_empty_records: Added +gnutls_record_can_use_length_hiding: Added +gnutls_rnd_refresh: Added +xssl_deinit: Added +xssl_flush: Added +xssl_read: Added +xssl_getdelim: Added +xssl_write: Added +xssl_printf: Added +xssl_sinit: Added +xssl_client_init: Added +xssl_server_init: Added +xssl_get_session: Added +xssl_get_verify_status: Added +xssl_cred_init: Added +xssl_cred_deinit: Added +dane_state_set_dlv_file: Added +GNUTLS_SEC_PARAM_EXPORT: Added +GNUTLS_SEC_PARAM_VERY_WEAK: Added + + +* Version 3.1.6 (released 2013-01-02) + +** libgnutls: Fixed record padding parsing issue. Reported by Kenny +Paterson and Nadhem Alfardan. 
+ +** libgnutls: Several updates in the ASN.1 string handling subsystem. + +** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero +policy qualifiers. + +** libgnutls: Ignore heartbeat messages when received out-of-order, +instead of issuing an error. + +** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported +by Kikuchi Masashi. + +** libgnutls: TPM support is disabled by default because GPL programs +cannot link with it. Use --with-tpm to enable it. + +** libgnutls-guile: Fixed parallel compilation issue. + +** gnutls-cli: It will try to connect to all possible returned addresses +before failing. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.5 (released 2012-11-24) + +** libgnutls: Added functions to parse the certificates policies +extension. + +** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished +Name by translating it to UTF-8 (works on windows or systems with iconv). + +** libgnutls: Added PKCS #11 key generation function that returns the +public key on generation. + +** libgnutls: Corrected bug in priority string parsing, that mostly +affected combined levels. Patch by Tim Kosse. + +** certtool: The --pubkey-info option can be combined with the +--load-privkey or --load-request to print the corresponding public keys. + +** certtool: It is able to set certificate policies via a template. + +** certtool: Added --hex-numbers option which prints big numbers in +an easier to parse format. + +** p11tool: After key generation, outputs the public key (useful in +tokens that do not store the public key). + +** danetool: It is being built even without libgnutls-dane (the +--check functionality is disabled though). 
+ +** API and ABI modifications: +gnutls_pkcs11_privkey_generate2: Added +gnutls_x509_crt_get_policy: Added +gnutls_x509_crt_set_policy: Added +gnutls_x509_policy_release: Added +gnutls_pubkey_import_x509_crq: Added +gnutls_pubkey_print: Added +GNUTLS_CRT_PRINT_FULL_NUMBERS: Added + + +* Version 3.1.4 (released 2012-11-10) + +** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on +the available revocation data validity. + +** libgnutls: Added gnutls_certificate_verification_status_print(), +a function to print the verification status code in human readable text. + +** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. + +** libgnutls: Simplified certificate verification by adding +gnutls_certificate_verify_peers3(). + +** libgnutls: Added support for extension to establish keys for SRTP. +Contributed by Martin Storsjo. + +** libgnutls: The X.509 verification functions check the key +usage bits and pathlen constraints and on failure output +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. + +** libgnutls: gnutls_x509_crl_verify() includes the time checks. + +** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN +and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. + +** libgnutls: Always tolerate key usage violation errors from the side +of the peer, but also notify via an audit message. + +** gnutls-cli: Added --local-dns option. + +** danetool: Corrected bug that prevented loading PEM files. + +** danetool: Added --check option to allow querying and verifying +a site's DANE data. + +** libgnutls-dane: Added pkg-config file for the library. 
+ +** API and ABI modifications: +gnutls_session_get_id2: Added +gnutls_sign_is_secure: Added +gnutls_certificate_verify_peers3: Added +gnutls_ocsp_status_request_is_checked: Added +gnutls_certificate_verification_status_print: Added +gnutls_srtp_set_profile: Added +gnutls_srtp_set_profile_direct: Added +gnutls_srtp_get_selected_profile: Added +gnutls_srtp_get_profile_name: Added +gnutls_srtp_get_profile_id: Added +gnutls_srtp_get_keys: Added +gnutls_srtp_get_mki: Added +gnutls_srtp_set_mki: Added +gnutls_srtp_profile_t: Added +dane_cert_type_name: Added +dane_match_type_name: Added +dane_cert_usage_name: Added +dane_verification_status_print: Added +GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added +GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added +GNUTLS_CERT_UNEXPECTED_OWNER: Added +GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added + + +* Version 3.1.3 (released 2012-10-12) + +** libgnutls: Added support for the OCSP Certificate Status +extension. + +** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP +certificate status extension in verification. + +** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). + +** libgnutls: Increased maximum password length in the PKCS #12 +functions. + +** libgnutls: Fixed the receipt of session tickets during session resumption. +Reported by danblack at http://savannah.gnu.org/support/?108146 + +** libgnutls: Added functions to export structures in an allocated buffer. + +** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP +response corresponds to the given certificate. + +** libgnutls: In client side gnutls_init() enables the session ticket and +OCSP certificate status request extensions by default. The flag +GNUTLS_NO_EXTENSIONS can be used to prevent that. + +** libgnutls: Several updates in the OpenPGP code. The generating code +is fully RFC6091 compliant and RFC5081 support is only supported in client +mode. 
+ +** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC +certificate verification. + +** gnutls-cli: Added --dane option to enable DANE certificate verification. + +** danetool: Added tool to generate DANE TLSA Resource Records (RR). + +** API and ABI modifications: +gnutls_certificate_get_peers_subkey_id: Added +gnutls_certificate_set_ocsp_status_request_function: Added +gnutls_certificate_set_ocsp_status_request_file: Added +gnutls_ocsp_status_request_enable_client: Added +gnutls_ocsp_status_request_get: Added +gnutls_ocsp_resp_check_crt: Added +gnutls_dh_params_export2_pkcs3: Added +gnutls_pubkey_export2: Added +gnutls_x509_crt_export2: Added +gnutls_x509_dn_export2: Added +gnutls_x509_crl_export2: Added +gnutls_pkcs7_export2: Added +gnutls_x509_privkey_export2: Added +gnutls_x509_privkey_export2_pkcs8: Added +gnutls_x509_crq_export2: Added +gnutls_openpgp_crt_export2: Added +gnutls_openpgp_privkey_export2: Added +gnutls_pkcs11_obj_export2: Added +gnutls_pkcs12_export2: Added +gnutls_pubkey_import_openpgp_raw: Added +gnutls_pubkey_import_x509_raw: Added +dane_state_init: Added +dane_state_deinit: Added +dane_query_tlsa: Added +dane_query_status: Added +dane_query_entries: Added +dane_query_data: Added +dane_query_deinit: Added +dane_verify_session_crt: Added +dane_verify_crt: Added +dane_strerror: Added + + +* Version 3.1.2 (released 2012-09-26) + +** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() +and gnutls_x509_trust_list_add_trust_mem() that prevented the loading +of certificates in the windows platform. + +** libgnutls: Corrected bug in OpenPGP subpacket encoding. + +** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. +(the work was done during Google Summer of Code). + +** libgnutls: Added X.509 certificate verification flag +GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. 
This flag allows the verification +of unsorted certificate chains and is enabled by default for +TLS certificate verification (if gnutls_certificate_set_verify_flags() +does not override it). + +** libgnutls: Prints warning on certificates that contain keys of +an insecure level. If the %COMPAT priority flag is not specified +the TLS connection fails. + +** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode +if interrupted during the retrasmition of handshake data. + +** libgnutls: Better mingw32 support (patch by LRN). + +** libgnutls: The %COMPAT keyword, if specified, will tolerate +key usage violation errors (they are far too common to ignore). + +** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), +which provides a tool to counter compression-related attacks where +parts of the data are controlled by the attacker _and_ are placed in +separate records (use with care - do not use compression if not sure). + +** libgnutls: Depends on libtasn1 2.14 or later. + +** certtool: Prints the number of bits of the public key algorithm +parameter in a private key. + +** API and ABI modifications: +gnutls_x509_privkey_get_pk_algorithm2: Added +gnutls_heartbeat_ping: Added +gnutls_heartbeat_pong: Added +gnutls_heartbeat_allowed: Added +gnutls_heartbeat_enable: Added +gnutls_heartbeat_set_timeouts: Added +gnutls_heartbeat_get_timeout: Added +GNUTLS_SEC_PARAM_WEAK: Added +GNUTLS_SEC_PARAM_INSECURE: Added + +* Version 3.1.1 (released 2012-09-02) + +** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. + +** certtool: Changes in password handling of certtool. +Ask password when required and only if the '--password' option is not +given. If the '--password' option is given during key generation then +assume the PKCS #8 file format, instead of ignoring the password. + +** tpmtool: No longer asks for key password in registered keys. + +** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. 
+wmNAF is now used for point multiplication and other optimizations. +(the major part of the work was done during Google Summer of Code). + +** libgnutls: The default pull_timeout_function only uses select +instead of a combination of select() and recv() to prevent issues +when used in stream sockets in some systems. + +** libgnutls: Be tolerant in ECDSA signature violations (e.g. using +SHA256 with a SECP384 curve instead of SHA-384), to interoperate with +openssl. + +** libgnutls: Fixed DSA and ECDSA signature generation in smart +cards. Thanks to Andreas Schwier from cardcontact.de for providing +me with ECDSA capable smart cards. + +** API and ABI modifications: +gnutls_sign_algorithm_get: Added +gnutls_sign_get_hash_algorithm: Added +gnutls_sign_get_pk_algorithm: Added + + +* Version 3.1.0 (released 2012-08-15) + +** libgnutls: Added direct support for TPM as a cryptographic module +in gnutls/tpm.h. TPM keys can be used in functions accepting files +using URLs of the following types: + tpmkey:file=/path/to/file + tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user + +** libgnutls: Priority string level keywords can be combined. +For example the string "SECURE256:+SUITEB128" is now allowed. + +** libgnutls: requires libnettle 2.5. + +** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) +for encryption and signatures. + +** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between +generic errors and signature verification errors in the verification +functions. + +** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function +to simplify parsing in most PKCS #12 use cases. + +** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds +the whole certificate chain (if any) to the credentials structure, instead +of only the end-user certificate. 
+ +** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() +and gnutls_x509_privkey_import_pkcs8(), return consistently +GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no +password was provided. + +** libgnutls: Added gnutls_handshake_set_timeout() a function that +allows to set the maximum time spent in a handshake. + +** libgnutlsxx: Added session::set_transport_vec_push_function. Patch +by Alexandre Bique. + +** tpmtool: Added. It is a tool to generate private keys in the +TPM. + +** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx +and --benchmark-tls-ciphers + +** certtool: generated PKCS #12 structures may hold more than one +private key. Patch by Lucas Fisher. + +** certtool: Added option --null-password to generate/decrypt keys +that use a NULL password (in schemas that distinguish between NULL +an empty passwords). + +** minitasn1: Upgraded to libtasn1 version 2.13. + +** API and ABI modifications: +GNUTLS_CERT_SIGNATURE_FAILURE: Added +GNUTLS_CAMELLIA_192_CBC: Added +GNUTLS_PKCS_NULL_PASSWORD: Added +gnutls_url_is_supported: Added +gnutls_pkcs11_obj_list_import_url2: Added +gnutls_pkcs11_obj_set_pin_function: Added +gnutls_pkcs11_privkey_set_pin_function: Added +gnutls_pkcs11_get_pin_function: Added +gnutls_privkey_import_tpm_raw: Added +gnutls_privkey_import_tpm_url: Added +gnutls_privkey_import_pkcs11_url: Added +gnutls_privkey_import_openpgp_raw: Added +gnutls_privkey_import_x509_raw: Added +gnutls_privkey_import_ext2: Added +gnutls_privkey_import_url: Added +gnutls_privkey_set_pin_function: Added +gnutls_tpm_privkey_generate: Added +gnutls_tpm_key_list_deinit: Added +gnutls_tpm_key_list_get_url: Added +gnutls_tpm_get_registered: Added +gnutls_tpm_privkey_delete: Added +gnutls_pubkey_import_tpm_raw: Added +gnutls_pubkey_import_tpm_url: Added +gnutls_pubkey_import_url: Added +gnutls_pubkey_verify_hash2: Added +gnutls_pubkey_set_pin_function: Added +gnutls_x509_privkey_import2: Added 
+gnutls_x509_privkey_import_openssl: Added +gnutls_x509_crt_set_pin_function: Added +gnutls_load_file: Added +gnutls_pkcs12_simple_parse: Added +gnutls_certificate_set_x509_system_trust: Added +gnutls_certificate_set_pin_function: Added +gnutls_x509_trust_list_add_system_trust: Added +gnutls_x509_trust_list_add_trust_file: Added +gnutls_x509_trust_list_add_trust_mem: Added +gnutls_pk_to_sign: Added +gnutls_handshake_set_timeout: Added +gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) +gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2) + + +* Version 3.0.22 (released 2012-08-04) + +** libgnutls: gnutls_certificate_set_x509_system_trust() +is now supported on OpenBSD. + +** libgnutls: When verifying a certificate chain make sure it is chain. +If the chain is wronly interrupted at some point then truncate it, +and only try to verify the correct part. Patch by David Woodhouse + +** libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8() +which now may (again) accept a NULL password. + +** certtool: Allow the user to choose the hash algorithm +when signing certificate request or certificate revocation list. +Patch by Petr Písař. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.21 (released 2012-07-02) + +** libgnutls: fixed bug in gnutls_x509_privkey_import() +that prevented the loading of EC private keys when DER +encoded. Reported by David Woodhouse. + +** libgnutls: In DTLS larger to mtu records result to +GNUTLS_E_LARGE_PACKET instead of being truncated. + +** libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based +on patch by David Woodhouse. + +** libgnutls: Fixed memory leak in PKCS #8 key import. + +** libgnutls: Added support for an old version of the DTLS protocol +used by openconnect vpn client for compatibility with Cisco's AnyConnect +SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols +as it has issues. 
+ +** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs +if only the label is specified. Patch by David Woodhouse. + +** libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET +is returned. + +** API and ABI modifications: +gnutls_dtls_set_data_mtu: Added +gnutls_session_set_premaster: Added + + +* Version 3.0.20 (released 2012-06-05) + +** libgnutls: Corrected bug which prevented the parsing of +handshake packets spanning multiple records. + +** libgnutls: Check key identifiers when checking for an issuer. + +** libgnutls: Added gnutls_pubkey_verify_hash2() + +** libgnutls: Added gnutls_certificate_set_x509_system_trust() +that loads the trusted CA certificates from system locations +(e.g. trusted storage in windows and CA bundle files in other systems). + +** certtool: Added support for the URI subject alternative +name type in certtool. + +** certtool: Increase to 128 the maximum number of distinct options +(e.g. dns_names) allowed. + +** gnutls-cli: If --print-cert is given, print the certificate, +even on verification failure. + +** API and ABI modifications: +gnutls_pk_to_sign: Added +gnutls_pubkey_verify_hash2: Added +gnutls_certificate_set_x509_system_trust: Added + + +* Version 3.0.19 (released 2012-04-22) + +** libgnutls: When decoding a PKCS #11 URL the pin-source field +is assumed to be a file that stores the pin. Based on patch +by David Smith. + +** libgnutls: gnutls_record_check_pending() no longer +returns unprocessed data, and thus ensure the non-blocking +of the next call to gnutls_record_recv(). + +** libgnutls: Added strict tests in Diffie-Hellman and +SRP key exchange public keys. + +** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less +strict in hash selection, and allow a stronger hash to +be used than the appropriate, to improve interoperability +with openssl. + +** tests: Disabled floating point test, and corrections +in pkcs12 decoding tests. + +** API and ABI modifications: +No changes since last version. 
+ + +* Version 3.0.18 (released 2012-04-02) + +** certtool: Avoid a Y2K38 bug when generating certificates. +Patch by Robert Millan. + +** libgnutls: Make sure that GNUTLS_E_PREMATURE_TERMINATION +is returned on premature termination (and added unit test). + +** libgnutls: Fixes for W64 API. Patch by B. Scott Michel. + +** libgnutls: Corrected VIA padlock detection for old +VIA processors. Reported by Kris Karas. + +** libgnutls: Updated assembler files. + +** libgnutls: Time in generated certificates is stored +as GeneralizedTime instead of UTCTime (which only stores +2 digits of a year). + +** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release). + +** API and ABI modifications: +gnutls_x509_crt_set_private_key_usage_period: Added +gnutls_x509_crt_get_private_key_usage_period: Added +gnutls_x509_crq_set_private_key_usage_period: Added +gnutls_x509_crq_get_private_key_usage_period: Added +gnutls_session_get_random: Added + + +* Version 3.0.17 (released 2012-03-17) + +** command line apps: Always link with local libopts. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.16 (released 2012-03-16) + +** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release). + +** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2. + +** libgnutls: included assembler files for MacOSX. + +** p11tool: Small fixes in handling of the --private command +line option. + +** certtool: The template option allows for setting the domain +component (DC) option of the distinguished name, and the ocsp_uri +as well as the ca_issuers_uri options. + +** API and ABI modifications: +gnutls_x509_crt_set_authority_info_access: Added + + +* Version 3.0.15 (released 2012-03-02) + +** test suite: Only run under valgrind in the development +system (the full git repository) + +** command line apps: Link with local libopts if the +installed is an old one. + +** libgnutls: Eliminate double free during SRP +authentication. Reported by Peter Penzov. 
+ +** libgnutls: Corrections in record packet parsing. +Reported by Matthew Hall. + +** libgnutls: Cryptodev updates and fixes. + +** libgnutls: Corrected issue with select() that affected +FreeBSD. This prevented establishing DTLS sessions. +Reported by Andreas Metzler. + +** libgnutls: Corrected rehandshake and resumption +operations in DTLS. Reported by Sean Buckheister. + +** libgnutls: PKCS #11 objects that do not have ID +no longer crash listing. Reported by Sven Geggus. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.14 (released 2012-02-24) + +** command line apps: Included libopts doesn't get installed +by default. + +** libgnutls: Eliminate double free on wrongly formatted +certificate list. Reported by Remi Gacogne. + +** libgnutls: cryptodev code corrected, updated to account +for hashes and GCM mode. + +** libgnutls: Eliminated memory leak in PCKS #11 initialization. +Report and fix by Sam Varshavchik. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.13 (released 2012-02-18) + +** gnutls-cli: added the --ocsp option which will verify +the peer's certificate with OCSP. + +** gnutls-cli: added the --tofu option and if specified, gnutls-cli +will use an ssh-style authentication method. + +** gnutls-cli: if no --x509cafile is provided a default is +assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + +** ocsptool: Added --ask parameter, to verify a certificate's +status from an ocsp server. + +** command line apps: Use gnu autogen (libopts) to parse command +line arguments and template files. + +** tests: Added stress test for DTLS packet losses and +out-of-order receival. Contributed by Sean Buckheister. + +** libgnutls: Several updates and corrections in the DTLS +DTLS lost packet handling and retransmission timeouts. +Report and patches by Sean Buckheister. + +** libgnutls: Added new functions to easily allow the usage of +a trust on first use (SSH-style) authentication. 
+ +** libgnutls: SUITEB128 and SUITEB192 priority strings account +for the RFC6460 requirements. + +** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY +to account for security level of 96-bits. + +** libgnutls: In client side if server does not advertise any +known CAs and only a single certificate is set in the credentials, +sent that one. + +** libgnutls: Added functions to parse authority key identifiers +when stored as a 'general name' and serial combo. + +** libgnutls: Added function to force explicit reinitialization +of PKCS #11 modules. This is required on the child process after +a fork (if PKCS #11 functionality is desirable). + +** libgnutls: Depend on p11-kit 0.11. + +** API and ABI modifications: +gnutls_dtls_get_timeout: Added +gnutls_verify_stored_pubkey: Added +gnutls_store_pubkey: Added +gnutls_store_commitment: Added +gnutls_x509_crt_get_authority_key_gn_serial: Added +gnutls_x509_crl_get_authority_key_gn_serial: Added +gnutls_pkcs11_reinit: Added +gnutls_ecc_curve_list: Added +gnutls_priority_certificate_type_list: Added +gnutls_priority_sign_list: Added +gnutls_priority_protocol_list: Added +gnutls_priority_compression_list: Added +gnutls_priority_ecc_curve_list: Added +gnutls_tdb_init: Added +gnutls_tdb_set_store_func: Added +gnutls_tdb_set_store_commitment_func: Added +gnutls_tdb_set_verify_func: Added +gnutls_tdb_deinit: Added + + +* Version 3.0.12 (released 2012-01-20) + +** libgnutls: Added OCSP support. +There is a new header file gnutls/ocsp.h and a set of new functions +under the gnutls_ocsp namespace. Currently the functionality provided +is to parse and extract information from OCSP requests/responses, to +generate OCSP requests and to verify OCSP responses. See the manual +for more information. Run ./configure with --disable-ocsp to build +GnuTLS without OCSP support. + +This work was sponsored by Smoothwall . + +** ocsptool: Added new command line tool. 
+The tool can parse OCSP request/responses, generate OCSP requests and +verify OCSP responses. See the manual for more information. + +** certtool: --outder option now works for private +and public keys as well. + +** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET +to warn when no or insufficient priorities were set. + +** libgnutls: Corrected an alignment issue in ECDH +key generation which prevented some keys from being +correctly aligned in rare circumstances. + +** libgnutls: Corrected memory leaks in DH parameter +generation and ecc_projective_check_point(). + +** libgnutls: Added gnutls_x509_dn_oid_name() to +return a descriptive name of a DN OID. + +** API and ABI modifications: +gnutls_pubkey_encrypt_data: Added +gnutls_x509_dn_oid_name: Added +gnutls_session_resumption_requested: Added +gnutls/ocsp.h: Added new header file. +gnutls_ocsp_print_formats_t: Added new type. +gnutls_ocsp_resp_status_t: Added new type. +gnutls_ocsp_cert_status_t: Added new type. +gnutls_x509_crl_reason_t: Added new type. +gnutls_ocsp_req_add_cert: Added. +gnutls_ocsp_req_add_cert_id: Added. +gnutls_ocsp_req_deinit: Added. +gnutls_ocsp_req_export: Added. +gnutls_ocsp_req_get_cert_id: Added. +gnutls_ocsp_req_get_extension: Added. +gnutls_ocsp_req_get_nonce: Added. +gnutls_ocsp_req_get_version: Added. +gnutls_ocsp_req_import: Added. +gnutls_ocsp_req_init: Added. +gnutls_ocsp_req_print: Added. +gnutls_ocsp_req_randomize_nonce: Added. +gnutls_ocsp_req_set_extension: Added. +gnutls_ocsp_req_set_nonce: Added. +gnutls_ocsp_resp_deinit: Added. +gnutls_ocsp_resp_export: Added. +gnutls_ocsp_resp_get_certs: Added. +gnutls_ocsp_resp_get_extension: Added. +gnutls_ocsp_resp_get_nonce: Added. +gnutls_ocsp_resp_get_produced: Added. +gnutls_ocsp_resp_get_responder: Added. +gnutls_ocsp_resp_get_response: Added. +gnutls_ocsp_resp_get_signature: Added. +gnutls_ocsp_resp_get_signature_algorithm: Added. +gnutls_ocsp_resp_get_single: Added. +gnutls_ocsp_resp_get_status: Added. 
+gnutls_ocsp_resp_get_version: Added. +gnutls_ocsp_resp_import: Added. +gnutls_ocsp_resp_init: Added. +gnutls_ocsp_resp_print: Added. +gnutls_ocsp_resp_verify: Added. + +* Version 3.0.11 (released 2012-01-06) + +** libgnutls: Corrected functionality of +gnutls_record_get_direction(). Reported by Philip Allison. + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. Patch by Nadhem Alfardan. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.10 (released 2012-01-04) + +** gnutls-cli/serv: Set don't fragment bit in DTLS sessions +in Linux as well as in BSD. + +** gnutls-cli: Fixed reading from windows terminals. + +** libgnutls: When GNUTLS_OPENPGP_FMT_BASE64 is specified +the stream is assumed to be base64 encoded (previously +the encoding was auto-detected). This avoids a decoding +issue in windows systems. + +** libgnutls: Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 + +** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384 +and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384. + +** libgnutls: Added function gnutls_random_art() to convert +fingerprints to images (currently ascii-art). + +** libgnutls: Corrected bug in DSA private key parsing, which +prevented the verification of the key. + +** API and ABI modifications: +gnutls_random_art: Added + + +* Version 3.0.9 (released 2011-12-13) + +** certtool: Added new parameter --dh-info. + +** certtool: -l option was overloaded so if combined with --priority +it will only list the ciphersuites that are enabled by the given +priority string. + +** libgnutls: Added new priority string %SERVER_PRECEDENCE, which +changes the ciphersuite selection procedure. If specified the server +priorities will be used for selection instead of the client's. + +** libgnutls: Optimizations in Diffie-Hellman parameters generation +and key exchange. 
+ +** libgnutls: When session tickets are negotiated and used in a +session, a server will not store that session data into its cache. + +** libgnutls: Added the SECP192R1 curve. + +** libgnutls: Added gnutls_priority_get_cipher_suite_index() to +allow listing the ciphersuites enabled in a priority structure. +It outputs an index to be used in gnutls_get_cipher_suite_info(). + +** libgnutls: Optimizations in the elliptic curve code --timing +attacks resistant code is only used in ECDSA private key operations. + +** doc: man pages for API functions generation was fixed and are +now added again in the distribution. + +** API and ABI modifications: +GNUTLS_ECC_CURVE_SECP192R1: New curve definition +gnutls_priority_get_cipher_suite_index: Added + + +* Version 3.0.8 (released 2011-11-12) + +** certtool: Certtool -e returns error code on verification +failure. + +** certtool: Verifies parameters of generated keys. + +** libgnutls: Corrected ECC key generation (introduced in 3.0.6) + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. + +** doc: man pages for API functions were removed. +The reason was that the code that auto-generated the man pages missed +many APIs and we couldn't fix it (volunteers welcome). See the info +manual or the GTK-DOC manual instead. + +** API and ABI modifications: +gnutls_x509_privkey_verify_params: Added + + +* Version 3.0.7 (released 2011-11-08) + +** libgnutls: Corrected fix in gnutls_session_get_data() +to report the actual session size when the provided buffer +is not enough. + +** libgnutls: Fixed ciphersuite GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, +which was using a wrong MAC algorithm. Reported by Fabrice Gautier. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.6 (released 2011-11-07) + +** gnutls-guile: Compilation fixes. + +** libgnutls: Fixed possible buffer overflow in +gnutls_session_get_data(). Reported and fix by Alban Crequy. 
+ +** libgnutls: Bug fixes in the ciphersuites with NULL cipher. +Reported by Fabrice Gautier. + +** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems. +Thanks to Joseph Graham for providing access to such a system. + +** libgnutls: Correctly report ECC private key parsing errors. +Reported by Fabrice Gautier. + +** libgnutls: In ECDHE verify that the received point lies on +the selected curve. The ECDHE ciphersuites now take precendence +to plain DHE. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.5 (released 2011-10-27) + +** libgnutls-extra: is no more + +** libgnutls: Corrections in order to compile with mingw32. + +** libgnutls: Corrections in VIA padlock code for VIA C5 processor +and new detection of PHE with support for partial hashing. + +** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix +by Vincent Untz. + +** minitasn1: Upgraded to libtasn1 version 2.10. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.4 (released 2011-10-15) + +** libgnutls-extra: gnutls_register_md5_handler() was +removed. + +** gnutls-cli-debug: Added more tests including AES-GCM, +SHA256 and elliptic curves. + +** gnutls-cli: Added --benchmark-soft-ciphers to benchmark +the software version of the ciphers instead of hw accelerated +(where available) + +** libgnutls: Public key ID calculation is consistent among +all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo. + +** libgnutls: gnutls_privkey_t allows setting external callback +to perform signing or decryption. Can be set using +gnutls_privkey_import_ext() + +** libgnutls: A certificate credentials structure can be +used with a gnutls_privkey_t and a gnutls_pcert_st +structure using gnutls_certificate_set_key(). + +** libgnutls: Fixes to enable external signing callback to +operate with TLS 1.2. + +** libgnutls: Fixed crash when printing ECDSA certificate key +ID. Reported by Erik Jensen. 
+ +** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks +show a 50x increase in AES speed and a 14x increase in VIA nano. Added +support for hashes and HMACs. + +** libgnutls: Compilation fixed when p11-kit is not detected. + +** libgnutls: Fixed the deflate compression code. + +** libgnutls: Added gnutls_x509_crt_get_authority_info_access. +Used to get the PKIX Authority Information Access (AIA) field. + +** libgnutls: gnutls_x509_crt_print supports printing AIA fields. + +** libgnutls: Added ability to gnutls_privkey_t to operate with +signing callback function. + +** API and ABI modifications: +gnutls_x509_crt_get_authority_info_access (x509.h): Added function. +gnutls_privkey_import_ext: Added function. +gnutls_certificate_set_key: Added function. +gnutls_info_access_what_t (x509.h): Added enum. +GNUTLS_OID_AIA (x509.h): Added symbol. +GNUTLS_OID_AD_OCSP (x509.h): Added symbol. +GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol. + +* Version 3.0.3 (released 2011-09-18) + +** libgnutls: Added gnutls_record_get_discarded() to return the +number of discarded records in a DTLS session. + +** libgnutls: All functions related to RSA-EXPORT were deprecated. +Support for RSA-EXPORT ciphersuites will be ceased in future versions. + +** libgnutls: Memory leak fixes in credentials private key +deinitialization. Reported by Dan Winship. + +** libgnutls: Memory leak fixes in ECC ciphersuites. + +** libgnutls: Do not send an empty extension structure in server +hello. This affected old implementations that do not support extensions. +Reported by J. Cameijo Cerdeira. + +** libgnutls: Allow CA importing of 0 certificates to succeed. +Reported by Jonathan Nieder in +. + +** libgnutls: Added support for VIA padlock AES optimizations. +(disabled by default) + +** libgnutls: Added support for elliptic curves in +PKCS #11. + +** libgnutls: Added gnutls_pkcs11_privkey_generate() +to allow generating a key in a token. 
+ +** p11tool: Added generate-rsa, generate-dsa and +generate-ecc options to allow generating private +keys in the token. + +** libgnutls: gnutls_transport_set_lowat dummy macro was +removed. + +** API and ABI modifications: +gnutls_pkcs11_privkey_generate: Added +gnutls_pubkey_import_ecc_raw: Added +gnutls_pubkey_import_ecc_x962: Added +gnutls_pubkey_get_pk_ecc_x962: Added +gnutls_record_get_discarded: Added + + +* Version 3.0.2 (released 2011-09-01) + +** libgnutls: OpenPGP certificate type is not enabled +by default. + +** libgnutls: Added %NO_EXTENSIONS priority string. + +** libgnutls: Corrected issue in gnutls_record_recv() +triggered on encryption or compression error. + +** libgnutls: Compatibility fixes in CPU ID detection +for i386 and old GCC. + +** gnutls-cli: Benchmark applications were incorporated +with it. + +** libgnutls: Corrected parsing of XMPP subject +alternative names. + +** libgnutls: Allow for out-of-order ChangeCipherSpec +message in DTLS. + +** libgnutls: gnutls_certificate_set_x509_key() and +gnutls_certificate_set_openpgp_key() operate as in 2.10.x +and allow the release of the private key during the +lifetime of the certificate structure. + +** API and ABI modifications: +GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag + + +* Version 3.0.1 (released 2011-08-20) + +** libgnutls: gnutls_certificate_set_x509_key_file() and +friends support server name indication. If multiple +certificates are set using these functions the proper one +will be selected during a handshake. + +** libgnutls: Added AES-256-GCM which was left out from +the previous release. Reported by Benjamin Hof. + +** libgnutls: When asking for a PKCS# 11 PIN multiple +times, the flags in the callback were not being updated +to reflect for PIN low count or final try. + +** libgnutls: Do not allow second instances of PKCS #11 +modules. + +** libgnutls: fixed alignment issue in AES-NI code. 
+ +** libgnutls: The config file at gnutls_pkcs11_init() +is being read if provided. + +** libgnutls: Ensure that a certificate list specified +using gnutls_certificate_set_x509_key() and friends, is +sorted according to TLS specification (from subject to issuer). + +** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for +gnutls_x509_crt_list_import. It checks whether the list to be +imported is properly sorted. + +** crywrap: Added to the distribution. It is an application +that proxies TLS session to a port using a plaintext service. + +** doc: Many GTK-DOC improvements. + +** i18n: Translations were updated. + +** API and ABI modifications: +GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in gnutls_certificate_import_flags +GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback + + +* Version 3.0.0 (released 2011-07-29) + +** libgnutls: writev_emu: stop on the first incomplete write. Patch by +Sjoerd Simons. + +** libgnutls: Fix zlib handling in gnutls.pc. Patch by Andreas +Metzler. + +** certtool: bug fixes in certificate request generation. Patch +by Petr Písař. + +** API and ABI modifications: +gnutls_pcert_list_import_x509_raw: ADDED + + +* Version 2.99.4 (released 2011-07-23) + +** doc: documentation updates. + +** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t +to avoid thread-safety issues. Reported by Sam Varshavchik. + +** libgnutls: Added compatibility mode with /etc/gnutls/pkcs11.conf + +** libgnutls: license upgraded to LGPLv3 + +** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc() +for consistency. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.99.3 (released 2011-06-18) + +** libgnutls: Added new PKCS #11 flags to force an object being private or +not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) + +** libgnutls: Added SUITEB128 and SUITEB192 priority +strings to enable the NSA SuiteB cryptography ciphersuites. 
+ +** libgnutls: Added gnutls_pubkey_verify_data2() that will +verify data provided the signature algorithm. + +** libgnutls: Simplified the handling of handshake messages to +be hashed. Instead of hashing during the handshake process we now +keep the data until handshake is over and hash them on request. +This uses more memory but eliminates issues with TLS 1.2 and +simplifies code. + +** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ +instruction. Uses Andy Polyakov's assembly code. + +** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and +gnutls_x509_trust_list_verify_named_crt() that allow having a +list of certificates in the trusted list that will be associated +with a name (e.g. server name) and will not be used as CAs. + +** libgnutls: PKCS #11 back-end rewritten to use p11-kit +http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by +Stef Walter. + +** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489). + +** API and ABI modifications: +gnutls_pubkey_verify_data2: ADDED +gnutls_ecc_curve_get: ADDED +gnutls_x509_trust_list_add_named_crt: ADDED +gnutls_x509_trust_list_verify_named_crt: ADDED +gnutls_x509_privkey_verify_data: REMOVED +gnutls_crypto_bigint_register: REMOVED +gnutls_crypto_cipher_register: REMOVED +gnutls_crypto_digest_register: REMOVED +gnutls_crypto_mac_register: REMOVED +gnutls_crypto_pk_register: REMOVED +gnutls_crypto_rnd_register: REMOVED +gnutls_crypto_single_cipher_register: REMOVED +gnutls_crypto_single_digest_register: REMOVED +gnutls_crypto_single_mac_register: REMOVED +GNUTLS_KX_ECDHE_PSK: New key exchange method +GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag. + + +* Version 2.99.2 (released 2011-05-26) + +** libgnutls: Added Elliptic curve support. This is not +enabled by default. 
Requires priority strings: ++CURVE-ALL: to add all supported curves ++ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate ++ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate ++ANON-ECDHE: to add anonymous ECDH + +** libgnutls: PKCS #11 URLs conform to the latest draft +being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04. + +** certtool: Can now load private keys and public keys from PKCS #11 tokens +via URLs. + +** libgnutls: Added gnutls_global_set_audit_log_function() that allows +to get important auditing information including the corresponding session. +That might be useful to block DoS or other attacker from specific IPs. + +** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read +the public key algorithm of the key. + +** libgnutls: Added gnutls_certificate_get_issuer() and +gnutls_x509_trust_list_get_issuer() to compensate for the +missing gnutls_certificate_get_x509_cas(). + +** libgnutls: Added gnutls_x509_crq_verify() to allow +verification of the self signature in a certificate request. +This allows verifying whether the owner of the private key +is the generator of the request. + +** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies +the self signature of the request. 
+ +** API and ABI modifications: +gnutls_certificate_get_issuer: ADDED +gnutls_x509_trust_list_get_issuer: ADDED +gnutls_x509_crq_verify: ADDED +gnutls_global_set_audit_log_function: ADDED +gnutls_ecc_curve_get_name: ADDED +gnutls_ecc_curve_get_size: ADDED +gnutls_x509_privkey_import_ecc_raw: ADDED +gnutls_x509_privkey_export_ecc_raw: ADDED +gnutls_global_set_time_function: ADDED + +GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code +GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code +GNUTLS_KX_ECDHE_RSA: New key exchange method +GNUTLS_KX_ECDHE_ECDSA: New key exchange method +GNUTLS_KX_ANON_ECDH: New key exchange method +GNUTLS_PK_ECC: New public key algorithm +GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm +GNUTLS_ECC_CURVE_INVALID: New curve definition +GNUTLS_ECC_CURVE_SECP224R1: New curve definition +GNUTLS_ECC_CURVE_SECP256R1: New curve definition +GNUTLS_ECC_CURVE_SECP384R1: New curve definition +GNUTLS_ECC_CURVE_SECP521R1: New curve definition + + +* Version 2.99.1 (released 2011-04-23) + +** libgnutls: LZO support was removed. + +** libgnutls: Corrections in SSLv2 client hello parsing. + +** libgnutls: Added support for AES-NI if detected. Uses +Andy Polyakov's AES-NI code. + +** libgnutls: Restored HMAC-MD5 for compatibility. Although considered +weak, several sites require it for connection. It is enabled for +"NORMAL" and "PERFORMANCE" priority strings. + +** libgnutls: depend on libdl. + +** libgnutls-extra: Dropped support of LZO compression via liblzo. + +** libgnutls: gnutls_transport_set_global_errno() was removed. This +function required GnuTLS to access system specific data, for no reason. +Use gnutls_transport_set_errno(), or your system's errno fascility +instead. 
+ +** libgnutls: Added gnutls_certificate_set_retrieve_function2() +to set a callback to retrieve a certificate. The certificate is +received in a format that requires no processing from gnutls thus +it is suitable when performance is required. + +** API and ABI modifications: +gnutls_transport_set_global_errno: REMOVED +gnutls_certificate_set_retrieve_function2: ADDED + +* Version 2.99.0 (released 2011-04-09) + +** libgnutls: Added Datagram TLS support. + +** libgnutls: Uses a single configure file and a single +gnulib library to save space. + +** libgnutls: Several bug fixes. + +** libgnutls: gnutls_transport_set_lowat() is no more. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. + +** libgnutls: Corrected signature generation and verification +in the Certificate Verify message when in TLS 1.2. Reported +by Todd A. Ouska. + +** libgnutlsxx: The C++ interface returns exception on +every error and not only on fatal ones. This allows easier +handling of errors. + +** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored +the PSK callback. + +** libgnutls: SRP and PSK are no longer set on the default priorities. +They have to be explicitly set. + +** libgnutls: During handshake message verification using DSS +use the hash algorithm required by it. + +** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION +on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. + +** libgnutls: Added GCM mode (interoperates with tls.secg.org) + +** libgnutls-extra: Inner application extension was removed. +It was never standardized nor published as an RFC. + +** libgnutls: Added new certificate verification functions, that +can provide more details and are more efficient. Check +gnutls_x509_trust_list_*. + +** certtool: Uses the new certificate verification functions for +--verify-chain. 
+ +** certtool: Added new certificate verification functionality +using the --verify option. Combined with --load-ca-certificate +it can verify a certificate chain against a list of certificates. + +** Several files unnecessarily included ; this has been fixed. + +** API and ABI modifications: +gnutls_dtls_set_timeouts: ADDED +gnutls_dtls_get_mtu: ADDED +gnutls_dtls_get_data_mtu: ADDED +gnutls_dtls_set_mtu: ADDED +gnutls_dtls_cookie_send: ADDED +gnutls_dtls_cookie_verify: ADDED +gnutls_dtls_prestate_set: ADDED +gnutls_x509_trust_list_verify_crt: ADDED +gnutls_x509_trust_list_add_crls: ADDED +gnutls_x509_trust_list_add_cas: ADDED +gnutls_x509_trust_list_init: ADDED +gnutls_x509_trust_list_deinit: ADDED +gnutls_cipher_add_auth: ADDED +gnutls_cipher_tag: ADDED +gnutls_psk_netconf_derive_key: REMOVED +gnutls_certificate_verify_peers: REMOVED +gnutls_session_set_finished_function: REMOVED +gnutls_ext_register: REMOVED +gnutls_certificate_get_x509_crls: REMOVED +gnutls_certificate_get_x509_cas: REMOVED +gnutls_certificate_get_openpgp_keyring: REMOVED +gnutls_session_get_server_random: REMOVED +gnutls_session_get_client_random: REMOVED +gnutls_session_get_master_secret: REMOVED +gnutls_ia_allocate_client_credentials: REMOVED +gnutls_ia_allocate_server_credentials: REMOVED +gnutls_ia_enable: REMOVED +gnutls_ia_endphase_send: REMOVED +gnutls_ia_extract_inner_secret: REMOVED +gnutls_ia_free_client_credentials: REMOVED +gnutls_ia_free_server_credentials: REMOVED +gnutls_ia_generate_challenge: REMOVED +gnutls_ia_get_client_avp_ptr: REMOVED +gnutls_ia_get_server_avp_ptr: REMOVED +gnutls_ia_handshake: REMOVED +gnutls_ia_handshake_p: REMOVED +gnutls_ia_permute_inner_secret: REMOVED +gnutls_ia_recv: REMOVED +gnutls_ia_send: REMOVED +gnutls_ia_set_client_avp_function: REMOVED +gnutls_ia_set_client_avp_ptr: REMOVED +gnutls_ia_set_server_avp_function: REMOVED +gnutls_ia_set_server_avp_ptr: REMOVED +gnutls_ia_verify_endphase: REMOVED + + +* Version 2.12.2 (released 2011-04-08) + +** 
libgnutls: Several updates and fixes for win32. Patches by LRN. + +** libgnutls: Several bug and memory leak fixes. + +** srptool: Accepts the -d option to enable debugging. + +** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented +the allocation of a verifier. Reported by Andrew Wiseman. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.12.1 (released 2011-04-02) + +** certtool: Generated certificate request with stricter permissions. +Reported by Luca Capello. + +** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. + +** libgnutls: Corrected windows system_errno() function prototype. + +** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. + +** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the +GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler. + +** API and ABI modifications: +No changes since last version. + + + + +* Version 2.12.0 (released 2011-03-24) + +** certtool: Warns on generation of DSA keys of over 1024 bits, about +the incompatibility with TLS other than 1.2. + +** libgnutls: Modified signature algorithm selection in client +certificate request, to avoid failures in DSA certificates. + +** libgnutls: Instead of failing with internal error, return +GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA +key with the negotiated protocol is encountered. + +** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys. + +** libgnutls: Force state update when fork is detected in the nettle +rng. + +** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred +subkey instead of setting explicitly one. + +** libgnutls: Corrected default behavior in record version of Client Hellos. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. 
+ +** API and ABI modifications: +gnutls_pubkey_import_openpgp: MODIFIED + + +* Version 2.11.7 + +** libgnutls: The deprecated gnutls_x509_privkey_sign_hash() was +replaced by gnutls_privkey_sign_hash2(). + +** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash, +gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data, +gnutls_x509_crt_verify_hash return the negative error code +GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error +checking. + +** libgnutls: Added helper functions for signature verification: +gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey(). + +** libgnutls: Modified gnutls_privkey_sign_data(). + +** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2() +gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(), +gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were +deprecated for gnutls_x509_crl_privkey_sign(), +gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(), +gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash() +gnutls_pubkey_verify_data() respectively. + +** libgnutls: gnutls_*_export_raw() functions now add leading zero in +integers. + +** libgnutls: Added convenience functions gnutls_x509_crl_list_import2() +and gnutls_x509_crt_list_import2(). + +** crypto.h: Fix use with C++. +Reported by "Brendan Doherty" . 
+ +** API and ABI modifications: +gnutls_x509_crl_list_import: ADDED +gnutls_x509_crl_list_import2: ADDED +gnutls_x509_crt_list_import2: ADDED +gnutls_x509_crl_get_raw_issuer_dn: ADDED +gnutls_pubkey_import_privkey: ADDED +gnutls_pubkey_verify_data: ADDED +gnutls_privkey_sign_hash: MODIFIED (was added in 2.11.0) +gnutls_privkey_sign_data: MODIFIED (was added in 2.11.0) +gnutls_x509_crq_sign2: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_sign: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_get_preferred_hash_algorithm: REMOVED (was added in 2.11.0) +gnutls_x509_crl_sign: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_crl_sign2: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data2) +gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_session_set_finished_function: DEPRECATED +gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash) +gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: gnutls_pubkey_get_verify_algorithm) +gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: gnutls_pubkey_get_preferred_hash_algorithm) +gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0) +gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0) +gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0) + +* Version 2.11.6 (released 2010-12-06) + +** libgnutls: Record version of Client Hellos is now set by default to +SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION +priority string. + +** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. +This makes us comply with RFC3279. Reported by Michael Rommel. 
+ +** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.5 (released 2010-12-01) + +** libgnutls: Reverted default behavior for verification and +introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default +V1 trusted CAs are allowed, unless the new flag is specified. + +** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key. +Reported by Jeffrey Walton. + +** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL +as priority strings. Those allow to set all the supported algorithms +at once. + +** p11tool: Introduced. It allows manipulating pkcs 11 tokens. + +** gnutls-cli: Print channel binding only in verbose mode. +Before it printed it after the 'Compression:' output, thus breaking +Emacs starttls.el string searches. + +** API and ABI modifications: +gnutls_pkcs11_token_init: New function +gnutls_pkcs11_token_set_pin: New function + +* Version 2.11.4 (released 2010-10-15) + +** libgnutls: Add new API gnutls_session_channel_binding. +The function is used to get the channel binding data. Currently only +the "tls-unique" (RFC 5929) channel binding type is supported, through +the GNUTLS_CB_TLS_UNIQUE type. See new section "Channel Bindings" in +the manual. + +** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings. + +** doc: Added pkcs11.h header file to GTK-DOC manual. + +** build: Update gnulib files. + +** i18n: Update translations. + +** tests: Add self tests gendh.c. Speed up Guile self checks. + +** API and ABI modifications: +gnutls_session_channel_binding: New function. +gnutls_channel_binding_t: New enumeration. +GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member. +GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code. + +* Version 2.11.3 (released 2010-10-14) + +** Indent code to follow the GNU Coding Standard. 
+You should be able to unpack the 2.11.2 release and run 'make indent' +twice to get exactly the same content as 2.11.3 except for generated +files. Using GNU Indent 2.2.11. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.2 (released 2010-10-08) + +** libgnutls: Several bug fixes on session resumption +and session tickets support. + +** libgnutls: Add new extended key usage ipsecIKE. + +** certtool: Renamed PKCS #11 options to: --p11-provider, +--p11-export-url, --p11-list-certs, --p11-list-certs, +--p11-list-privkeys, --p11-list-trusted, --p11-list-all-certs, +--p11-list-all, --p11-list-tokens, --p11-login, --p11-write, +--p11-write-label, --p11-write-trusted, --p11-detailed-url, +--p11-delete-url + +** libgnutls: Corrected bug that caused importing DSA keys as RSA, +introduced with the new nettle code. + +** libgnutls: Corrected advertizing issue for session tickets. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_unique_id: ADDED. +gnutls_x509_crt_get_issuer_unique_id: ADDED. + +* Version 2.11.1 (released 2010-09-14) + +** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt +to use the libgcrypt back end. + +** libgnutls: Depend on nettle 2.1. This makes nettle a fully working +backend crypto library. + +** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites. + +** libgnutls: Several updates in the buffering internal interface. + +** libgnutls: Is now more liberal in the PEM decoding. That is spaces and +tabs are being skipped. + +** libgnutls: Added support for draft-pechanec-pkcs11uri-02. + +** libgnutls: The %COMPAT flag now allows larger records that violate the +TLS spec. + +** libgnutls: by default lowat level has been set to zero to avoid unnecessary +system calls. Applications that depended on it being 1 should explicitly call +gnutls_transport_set_lowat(). + +** libgnutls: Updated documentation and gnutls_pk_params_t mappings +to ECRYPT II recommendations. 
Mappings were moved to a single location +and DSA keys are handled differently (since DSA2 allows for 1024,2048 +and 3072 keys only). + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: HMAC-MD5 no longer used by default. + +** API and ABI modifications: +gnutls_openpgp_privkey_sec_param: ADDED +gnutls_x509_privkey_sec_param: ADDED + +* Version 2.11.0 (released 2010-07-22) + +** libgnutls: support scattered write using writev(). This takes +advantage of the new buffering layer and allows queuing of packets +and flushing them. This is currently used for handshake messages +only. + +** libgnutls: Added gnutls_global_set_mutex() to allow setting +alternative locking procedures. By default the system available +locking is used. In *NIX pthreads are used and in windows the +critical section API. This follows a different approach than the +previous versions that depended on libgcrypt initialization. The +locks are now set by default in systems that support it. Programs +that used gcry_control() to set thread locks should insert it into +a block of +#if GNUTLS_VERSION_NUMBER <= 0x020b00 + gcry_control(...) +#endif + +** libgnutls: Added support for reading DN from EV-certificates. +New DN values: +jurisdictionOfIncorporationLocalityName, +jurisdictionOfIncorporationStateOrProvinceName, +jurisdictionOfIncorporationCountryName + +** libgnutls: Added support for DSA signing/verifying with bit +length over 1024. + +** libgnutls-extra: When in FIPS mode gnutls_global_init_extra() +has to be called to register any required md5 handlers. + +** libgnutls: Internal buffering code was replaced by simpler +code contributed by Jonathan Bastien-Filiatrault. + +** libgnutls: Internal API for extensions augmented to allow +safe storing and loading of data on resumption. This allows writing +self-contained extensions (when possible). 
As a side effect +the OPRFI extension was removed. + +** libgnutls: Added support for DSA-SHA256 and DSA-SHA224 + +** libgnutls: Added PKCS #11 support and an API to access objects in +gnutls/pkcs11.h. Currently certificates and public keys can be +imported from tokens, and operations can be performed on private keys. + +** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t + +** libgnutls: Added initial support for the nettle library. It uses +the system's random generator for seeding. That is /dev/urandom in Linux, +system calls in Win32 and EGD on other systems. + +** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now + works even when resuming a session. + +** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the +similar gnutls_certificate_set_server_retrieve_function() and +gnutls_certificate_set_client_retrieve_function(). In addition it support +PKCS #11 private keys. + +** libgnutls: Added gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(), +and gnutls_pkcs11_delete_url() to allow copying and deleting data in tokens. + +** libgnutls: Added gnutls_sec_param_to_pk_bits() et al. to allow select bit +sizes for private keys using a human understandable scale. + +** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all +--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs, +--pkcs11-delete-url, --pkcs11-write + +certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior can +be simulated by specifying "--pkcs-cipher 3des-pkcs12". + +certtool: Added --certificate-pubkey to print the public key of the +certificate. + +** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile +can now accept a PKCS #11 URL in addition to a file. 
This will allow for +example to use the Gnome-keyring trusted certificate list to verify +connections using a url such as: +pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring + +** API and ABI modifications: +gnutls_certificate_set_server_retrieve_function: DEPRECATED +gnutls_certificate_set_client_retrieve_function: DEPRECATED +gnutls_sign_callback_set: DEPRECATED +gnutls_global_set_mutex: ADDED +gnutls_pubkey_get_preferred_hash_algorithm: ADDED +gnutls_x509_crt_get_preferred_hash_algorithm: ADDED +gnutls_x509_privkey_export_rsa_raw2: ADDED +gnutls_rnd: ADDED +gnutls_sec_param_to_pk_bits: ADDED +gnutls_pk_bits_to_sec_param: ADDED +gnutls_sec_param_get_name: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_certificate_set_retrieve_function: ADDED +gnutls_pkcs11_init: ADDED +gnutls_pkcs11_deinit: ADDED +gnutls_pkcs11_set_pin_function: ADDED +gnutls_pkcs11_set_token_function: ADDED +gnutls_pkcs11_add_provider: ADDED +gnutls_pkcs11_obj_init: ADDED +gnutls_pkcs11_obj_import_url: ADDED +gnutls_pkcs11_obj_export_url: ADDED +gnutls_pkcs11_obj_deinit: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_pkcs11_obj_list_import_url: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_x509_crt_import_pkcs11: ADDED +gnutls_pkcs11_obj_get_type: ADDED +gnutls_x509_crt_list_import_pkcs11: ADDED +gnutls_x509_crt_import_pkcs11_url: ADDED +gnutls_pkcs11_obj_get_info: ADDED +gnutls_pkcs11_token_get_info: ADDED +gnutls_pkcs11_token_get_url: ADDED +gnutls_pkcs11_privkey_init: ADDED +gnutls_pkcs11_privkey_deinit: ADDED +gnutls_pkcs11_privkey_get_pk_algorithm: ADDED +gnutls_pkcs11_privkey_get_info: ADDED +gnutls_pkcs11_privkey_import_url: ADDED +gnutls_pkcs11_privkey_sign_data: ADDED +gnutls_pkcs11_privkey_sign_hash: ADDED +gnutls_pkcs11_privkey_decrypt_data: ADDED +gnutls_privkey_init: ADDED +gnutls_privkey_deinit: ADDED +gnutls_privkey_get_pk_algorithm: ADDED +gnutls_privkey_get_type: ADDED +gnutls_privkey_import_pkcs11: ADDED 
+gnutls_privkey_import_x509: ADDED +gnutls_privkey_import_openpgp: ADDED +gnutls_privkey_sign_data: ADDED +gnutls_privkey_sign_hash: ADDED +gnutls_privkey_decrypt_data: ADDED +gnutls_pkcs11_privkey_export_url: ADDED +gnutls_x509_crq_privkey_sign: ADDED +gnutls_x509_crl_privkey_sign: ADDED +gnutls_x509_crt_privkey_sign: ADDED +gnutls_pubkey_init: ADDED +gnutls_pubkey_deinit: ADDED +gnutls_pubkey_get_pk_algorithm: ADDED +gnutls_pubkey_import_x509: ADDED +gnutls_pubkey_import_openpgp: ADDED +gnutls_pubkey_get_pk_rsa_raw: ADDED +gnutls_pubkey_get_pk_dsa_raw: ADDED +gnutls_pubkey_export: ADDED +gnutls_pubkey_get_key_id: ADDED +gnutls_pubkey_get_key_usage: ADDED +gnutls_pubkey_verify_hash: ADDED +gnutls_pubkey_get_verify_algorithm: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_pubkey_import_pkcs11_url: ADDED +gnutls_pubkey_import: ADDED +gnutls_pubkey_import_pkcs11: ADDED +gnutls_pubkey_import_dsa_raw: ADDED +gnutls_pubkey_import_rsa_raw: ADDED +gnutls_x509_crt_set_pubkey: ADDED +gnutls_x509_crq_set_pubkey: ADDED +gnutls_pkcs11_copy_x509_crt: ADDED +gnutls_pkcs11_copy_x509_privkey: ADDED +gnutls_pkcs11_delete_url: ADDED + +* Version 2.10.1 (released 2010-07-25) + +** libgnutls: Added support for broken certificates that indicate RSA +with strange OIDs. + +** gnutls-cli: Allow verification using V1 CAs. + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: Correctly deinitialize crypto API functions to prevent +a memory leak. Reported by Mads Kiilerich. + +** certtool: If asked to generate DSA keys of size more than 1024 bits, +issue a warning, that the output key might not be working everywhere. + +** certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior +can be simulated by specifying "--pkcs-cipher 3des-pkcs12". 
+ +** API and ABI modifications: +No changes since last version. + +* Version 2.10.0 (released 2010-06-25) + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.12 (released 2010-06-17) + +** gnutls-cli: Make --starttls work again. +Problem introduced in patch to use read() instead of fgets() committed +on 2010-01-27. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.11 (released 2010-06-07) + +** libgnutls: Removed two APIs related to safe renegotiation. +Use priority strings instead. The APIs were +gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. +(Remember that we don't promise ABI stability during development +series, so this doesn't cause an shared library ABI increment.) + +** tests: More self testing of safe renegotiation extension. +See tests/safe-renegotiation/README for more information. + +** doc: a PDF version of the API reference manual (GTK-DOC) is now built. + +** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency. + +** API and ABI modifications: +gnutls_safe_negotiation_set_initial: REMOVED. +gnutls_safe_renegotiation_set: REMOVED. + +* Version 2.9.10 (released 2010-04-22) + +** libgnutls: Time verification extended to trusted certificate list. +Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is +specified. + +** certtool: Display postalCode and Name X.509 DN attributes correctly. +Based on patch by Pavan Konjarla. Adds new constant +GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME. + +** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746) +Solves the issue discussed in: + and +. +Note that to allow connecting to unpatched servers the full protection +is only enabled if the priority string %SAFE_RENEGOTIATION is +specified. You can check whether protection is in place by querying +gnutls_safe_renegotiation_status(). 
New error codes +GNUTLS_E_SAFE_RENEGOTIATION_FAILED and +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added. + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Added cryptodev support (/dev/crypto). +Tested with http://www.logix.cz/michal/devel/cryptodev/. Added +benchmark utility for AES. Adds new error codes +GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR. + +** libgnutls: Exported API to access encryption and hash algorithms. +The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit, +gnutls_cipher_encrypt, gnutls_cipher_get_block_size, +gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast, +gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output, +gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast, +gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API +constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224. + +** libgnutls: Added gnutls_certificate_set_verify_function() to allow +verification of certificate upon receipt rather than waiting until the +end of the handshake. + +** libgnutls: Don't send alerts during handshake. +Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added. + +** certtool: Corrected two issues that affected certificate request generation. +(1) Null padding is added on integers (found thanks to Wilankar Trupti), +(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA +parameters were added. Those were rejected by Verisign. Gnutls no longer adds +those parameters there since other implementations don't do either and having +them does not seem to offer anything (anyway you need the signer's certificate +to verify thus public key will be available). Found thanks to Boyan Kasarov. +This however has the side-effect that public key IDs shown by certtool are +now different than previous gnutls releases. 
+(3) the option --pgp-certificate-info will verify self signatures + +** certtool: Allow exporting of Certificate requests on DER format. + +** certtool: New option --no-crq-extensions to avoid extensions in CSRs. + +** gnutls-cli: Handle reading binary data from server. +Reported by and tiny patch from Vitaly Mayatskikh + in +. + +** minitasn1: Upgraded to libtasn1 version 2.6. + +** i18n: Updated Czech, Dutch, French, Polish, Swedish translation. +** Added Italian and Simplified Chinese translation. +Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz, +Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu. + +** doc: The GTK-DOC manual is significantly improved. + +** API and ABI modifications: +%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use). +%INITIAL_SAFE_RENEGOTIATION: Added to priority strings. +%UNSAFE_RENEGOTIATION: Added to priority strings. +GNUTLS_DIG_SHA224: ADDED. +GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED. +GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED. +GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED. +GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED. +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED. +GNUTLS_MAC_SHA224: ADDED. +GNUTLS_OID_X520_NAME: ADDED. +GNUTLS_OID_X520_POSTALCODE: ADDED. +GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED. +GNUTLS_VERSION_MAX: ADDED. +gnutls_certificate_set_verify_function: ADDED. +gnutls_cipher_decrypt: ADDED. +gnutls_cipher_deinit: ADDED. +gnutls_cipher_encrypt: ADDED. +gnutls_cipher_get_block_size: ADDED. +gnutls_cipher_init: ADDED. +gnutls_hash: ADDED. +gnutls_hash_deinit: ADDED. +gnutls_hash_fast: ADDED. +gnutls_hash_get_len: ADDED. +gnutls_hash_init: ADDED. +gnutls_hash_output: ADDED. +gnutls_hmac: ADDED. +gnutls_hmac_deinit: ADDED. +gnutls_hmac_fast: ADDED. +gnutls_hmac_get_len: ADDED. +gnutls_hmac_init: ADDED. +gnutls_hmac_output: ADDED. +gnutls_safe_negotiation_set_initial: ADDED. +gnutls_safe_renegotiation_set: ADDED. +gnutls_safe_renegotiation_status: ADDED. 
+ +* Version 2.9.9 (released 2009-11-09) + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.8 (released 2009-11-05) + +** libgnutls: Fix for memory leaks on interrupted handshake. +Reported by Tang Tong. + +** libgnutls: Addition of support for TLS 1.2 signature algorithms +** extension and certificate verify field. +This requires changes for TLS 1.2 servers and clients that use +callbacks for certificate retrieval. They are now required to check +with gnutls_sign_algorithm_get_requested() whether the certificate +they send complies with the peer's preferences in signature +algorithms. + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8 +** encryption. +This affects also PKCS #12 encoded files. This adds the following new +enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128, +GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** certtool: Added the --pkcs-cipher option. +To explicitely specify the encryption algorithm to use. + +** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions. + +** tests: Fix time bomb in chainverify self-test. +Reported by Andreas Metzler in +. + +** tests: Fix expired cert in chainverify self-test. + +** i18n: Vietnamese translation updated. +Thanks to Clytie Siddall. + +** API and ABI modifications: +GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h. +GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h. 
+GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h. +GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h. +GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h. +GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h. +gnutls_sign_algorithm_get_requested: ADDED. + +* Version 2.9.7 (released 2009-10-06) + +** libgnutls: TLS 1.2 server mode fixes. +Now interoperates against Opera. Contributed by Daiki Ueno. + +** libgnutlsxx: Fix link problems. +Tiny patch from Boyan Kasarov . + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes . + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.6 (released 2009-09-22) + +** libgnutls: Enable Camellia ciphers by default. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.5 (released 2009-09-10) + +** libgnutls: Add new functions to extract X.509 Issuer Alternative Names. +The new functions are gnutls_x509_crt_get_issuer_alt_name2, +gnutls_x509_crt_get_issuer_alt_name, and +gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad +Hards . + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_alt_name2: ADDED. +gnutls_x509_crt_get_issuer_alt_name: ADDED. +gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED. + +* Version 2.9.4 (released 2009-09-03) + +** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works. +The new supported ciphersuites are AES-128/256 in CBC mode with +ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further, +SHA-256 is now the preferred default MAC (however it is only used with +TLS 1.2). + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu in +. + +** Fix use of deprecated types internally. +Use of deprecated types in GnuTLS from now on will lead to a compile +error, to prevent this from happening again. 
+ +** API and ABI modifications: +No changes since last version. + +* Version 2.9.3 (released 2009-08-19) + +** libgnutls: Support for TLS tickets was contributed by Daiki Ueno. +The new APIs are gnutls_session_ticket_enable_client, +gnutls_session_ticket_enable_server, and +gnutls_session_ticket_key_generate. + +** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets. + +** API and ABI modifications: +gnutls_session_ticket_key_generate: ADDED. +gnutls_session_ticket_enable_client: ADDED. +gnutls_session_ticket_enable_server: ADDED. + +* Version 2.9.2 (released 2009-08-14) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger +for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson + in +. 
+ +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse + in +. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" in +. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson in +. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse in + +and +. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri via Andreas Metzler + in . + +** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error. + +** tests: Improved test vectors in self-test pkcs12_s2k. + +** tests: Added new self-test dn2 to detect off-by-one size error. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.1 (released 2009-06-08) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern from +. + +** tests: Added new self-tests init_roundtrip.c to detect previous problem. + +** Reduce stack usage for some CRQ functions. + +** Doc fixes for CRQ functions. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.0 (released 2009-05-28) + +** Doc fixes. + +** API and ABI modifications: +No changes since last version. 
+ +* Version 2.8.6 (released 2010-03-15) + +** libgnutls: For CSRs, don't null pad integers for RSA/DSA value. +VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti + and Boyan Kasarov . + +Note: As a side effect of this change, the "public key identifier" +value computed for a certificate using this version of GnuTLS will be +different from values computed using earlier versions of GnuTLS. + +** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the +** optional SignatureAlgorithm parameter field. +VeriSign rejected these CSRs. They are stricly speaking not needed +since you need the signer's certificate to verify the certificate +signature anyway. Reported by Wilankar Trupti + and Boyan Kasarov . + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +. + +** examples: Use the new APIs for printing X.509 certificate information. + +** Fix build failures on Solaris. +Thanks to Dagobert Michelsen . + +** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese +** translations. Added Simplified Chinese translation. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.5 (released 2009-11-02) + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes . + +** tests: Fix expired cert in chainverify self-test. + +** tests: Fix time bomb in chainverify self-test. 
+Reported by Andreas Metzler in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.4 (released 2009-09-18) + +** libgnutls: Enable Camellia ciphers by default. + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.3 (released 2009-08-13) + +** libgnutls: Fix patch for NUL in CN/SAN in last release. +Code intended to be removed would lead to an read-out-bound error in +some situations. Reported by Tomas Hoger . A CVE +code have been allocated for the vulnerability: [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error. + +** tests: Made self-test mini-eagain take less time. + +** doc: Typo fixes. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.2 (released 2009-08-10) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. 
It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger +for providing one part of the patch. [GNUTLS-SA-2009-4]. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson + in +. + +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse + in +. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson in +. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse in + +and +. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri via Andreas Metzler + in . + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.1 (released 2009-06-10) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern from +. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.0 (released 2009-05-27) + +** doc: Fix gnutls_dh_get_prime_bits. 
Fix error codes and algorithm lists. + +** Major changes compared to the v2.4 branch: + +*** lib: Linker version scripts reduces number of exported symbols. + +*** lib: Limit exported symbols on systems without LD linker scripts. + +*** libgnutls: Fix namespace issue with version symbols. + +*** libgnutls: Add functions to verify a hash against a certificate. +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. + +*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. + +*** certtool: Query for multiple dnsName subjectAltName in interactive mode. + +*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. + +*** gnutls-serv: No longer disable MAC padding by default. + +*** gnutls-cli: Certificate information output format changed. + +*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +*** and %VERIFY_ALLOW_X509_V1_CA_CRT. + +*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +*** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +*** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. + +*** libgnutls: New interface to get key id for certificate requests. +gnutls_x509_crq_get_key_id: ADDED. + +*** libgnutls: gnutls_x509_crq_print will now also print public key id. + +*** certtool: --verify-chain now prints results of using library verification. + +*** libgnutls: Libgcrypt initialization changed. + +*** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +*** gnutls-cli: Return non-zero exit code on error conditions. + +*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +*** certtool: allow setting arbitrary key purpose object identifiers. + +*** libgnutls: Change detection of when to use a linker version script. 
+Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +*** Fix warnings and build GnuTLS with more warnings enabled. + +*** New API to set X.509 credentials from PKCS#12 memory structure. +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED + +*** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +*** libgnutls: Added functions to handle CRL extensions. +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED + +*** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +*** certtool: Print and set CRL and CRQ extensions. + +*** minitasn1: Internal copy updated to libtasn1 v2.1. + +*** examples: Now released into the public domain. + +*** The Texinfo and GTK-DOC manuals were improved. + +*** Several self-tests were added and others improved. + +*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x +No offically supported interfaces have been modified or removed. 
The +library should be completely backwards compatible on both the source +and binary level. + +The shared library no longer exports some symbols that have never been +officially supported, i.e., not mentioned in any of the header files. +The symbols are: + + _gnutls* + gnutls_asn1_tab + +Normally when symbols are removed, the shared library version has to +be incremented. This leads to a significant cost for everyone using +the library. Because none of the above symbols have ever been +intended for use by well-behaved applications, we decided that the it +would be better for those applications to pay the price rather than +incurring problems on the majority of applications. + +If it turns out that applications have been using unofficial +interfaces, we will need to release a follow-on release on the v2.8 +branch to exports additional interfaces. However, initial testing +suggests that few if any applications have been using any of the +internal symbols. + +Although not a new change compared to 2.6.x, we'd like to remind you +interfaces have been modified so that X.509 chain verification now +also checks activation/expiration times on certificates. The affected +functions are: + +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +This change in behaviour was made during the GnuTLS 2.6.x cycle, and +we gave our rationale for it in earlier release notes. 
+ +The following symbols have been added to the library: + +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_key_id: ADDED. +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED +gnutls_x509_crt_verify_hash: ADDED + +The following interfaces have been added to the header files: + +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. +GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. + +The following interfaces have been deprecated: + +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. 
+ +* Version 2.7.14 (released 2009-05-26) + +** libgnutls: Fix namespace issue with version symbol for libgnutls-extra. +The symbol LIBGNUTLS_EXTRA_VERSION were renamed to +GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is +deprecated. + +** Doc: Several typo fixes in documentation. +Reported by Peter Hendrickson . + +** API and ABI modifications: +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. + +* Version 2.7.13 (released 2009-05-25) + +** libgnutls: Fix version of some exported symbols in the shared library. +Reported by Andreas Metzler in +. + +** tests: Handle recently expired certificates in chainverify self-test. +Reported by Andreas Metzler in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.12 (released 2009-05-20) + +** gnutls-serv, gnutls-cli-debug: Make them work on Windows. + +** tests/crq_key_id: Don't read entropy from /dev/random in self-test. +Reported by Andreas Metzler in +. + +** Fix build failures. +Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom +G. Christensen" in +. + +** minitasn1: Internal copy updated to libtasn1 v2.2. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.11 (released 2009-05-18) + +** minitasn1: Fix build failure when using internal libtasn1. +Reported by "Tom G. Christensen" in +. + +** libgnutls: Fix build failure with --disable-cxx. +Reported by Andreas Metzler in +. + +** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV. +Reported by "Tom G. Christensen" in + + +** Building with many warning flags now requires --enable-gcc-warnings. +This avoids crying wolf for normal compiles. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.10 (released 2009-05-13) + +** examples: Now released into the public domain. 
+This makes the license of the example code compatible with more +licenses, including the (L)GPL. + +** minitasn1: Internal copy updated to libtasn1 v2.1. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** libgnutls: Fix crash in signature verification +The fix for the CVE-2009-1415 problem wasn't merged completely. + +** doc: Fixes for GTK-DOC output. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.9 (released 2009-05-11) + +** doc: Fix strings in man page of gnutls_priority_init. + +** doc: Fix tables of error codes and supported algorithms. + +** Fix build failure when cross-compiled using MinGW. + +** Fix build failure when LZO is enabled. +Reported by Arfrever Frehtes Taifersar Arahesis + in +. + +** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6. +Reported by "Tom G. Christensen" in +. + +** Fix warnings in self-tests. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.8 (released 2009-05-03) + +** libgnutls: Fix DSA key generation. +Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Merged from stable branch. Reported by Romain Francoise +. This changes the semantics of +gnutls_x509_crt_list_verify, which in turn is used by +gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. +We add two new gnutls_certificate_status_t codes for reporting the new +error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. +We also add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417] + +** lib: Linker version scripts reduces number of exported symbols. +The linker version script now lists all exported ABIs explicitly, to +avoid accidentally exporting unintended functions. 
Compared to +before, most symbols beginning with _gnutls* are no longer exported. +These functions have never been intended for use by applications, and +there were no prototypes for these function in the public header +files. Thus we believe it is possible to do this without incrementing +the library ABI version which normally has to be done when removing an +interface. + +** lib: Limit exported symbols on systems without LD linker scripts. +Before all symbols were exported. Now we limit the exported symbols +to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls) +_gnutls*. This is a superset of the actual supported ABI, but still +an improvement compared to before. This is implemented using Libtool +-export-symbols-regex. It is more portable than linker version +scripts. + +** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols. +This should have been done in the last release. + +** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. +Reported by Peter Hendrickson in +. + +** doc: Improved sections for the info manual. +We now follow the advice given by the texinfo manual on which +directory categories to use. In particular, libgnutls moved from the +'GNU Libraries' section to the 'Software libraries' and the command +line tools moved from 'Network Applications' to 'System +Administration'. + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.7.7 (released 2009-04-20) + +** libgnutls: Applied patch by Cedric Bail to add functions +gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm(). + +** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output. +Reported by Andreas Metzler in +. 
+ +** minitasn1: Internal copy updated to libtasn1 v1.8. +GnuTLS is also internally ready to be used with libtasn1 v2.0. + +** doc: Fix build failure of errcodes/printlist. +Reported by Roman Bogorodskiy in +. + +** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. +It is currently only used by the core library. This will enable a new +domain 'gnutls' for translations of the command line tools. + +** Corrected possible memory corruption on signature verification failure. +Reported by Miroslav Kratochvil + +** API and ABI modifications: +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +* Version 2.7.6 (released 2009-02-27) + +** certtool: Query for multiple dnsName subjectAltName in interactive mode. +This applies both to generating certificates and certificate requests. + +** pkix.asn: Removed unneeded definitions to reduce memory usage. + +** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. +Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to +be used for chain verification. + +** gnutls-serv: No longer disable MAC padding by default. +Use --priority NORMAL:%COMPAT to disable MAC padding again. + +** gnutls-cli: Certificate information output format changed. +The tool now uses libgnutls' functions to print certificate +information. This avoids code duplication. + +** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +** and %VERIFY_ALLOW_X509_V1_CA_CRT. +They can be used to override the default certificate chain validation +behaviour. + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +** doc: Update gnutls-cli and gnutls-serv --help output descriptions. 
+ +** API and ABI modifications: +No changes since last version. + +* Version 2.7.5 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks . + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill . + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.4 (released 2009-01-07) + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: New interface to get key id for certificate requests. +Patch from David Marín Carreño in +. + +** libgnutls: gnutls_x509_crq_print will now also print public key id. 
+ +** certtool: --verify-chain now prints results of using library verification. +Earlier, certtool --verify-chain used its own validation algorithm +which wasn't guaranteed to give the same result as the libgnutls +internal validation algorithm. Now this command print a new final +line with header 'Chain verification output:' that contains the result +from using the internal verification algorithm on the same chain. + +** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id. + +** API and ABI modifications: +gnutls_x509_crq_get_key_id: ADDED. + +* Version 2.7.3 (released 2008-12-10) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Libgcrypt initialization changed. +If libgcrypt has not already been initialized, GnuTLS will now +initialize libgcrypt with disabled secure memory. Initialize +libgcrypt explicitly in your application if you want to enable secure +memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory +allocation functions, which doesn't use secure memory, so there is no +real change in behaviour. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser in +. + +** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. + +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** tests: Added chainverify self-test that tests X.509 chain verifications. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.2 (released 2008-11-18) + +** libgnutls: Fix X.509 certificate chain validation error. 
[GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Fix namespace issue with version symbols. +The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and +LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER, +GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and +GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to +work but are deprecated. + +** certtool: allow setting arbitrary key purpose object identifiers. + +** libgnutls: Fix detection of C99 macros, to make debug logging work again. + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick in +. + +** libgnutls-extra: Make building with LZO compression work again. +Build failure reported by Arfrever Frehtes Taifersar Arahesis + in +. + +** libgnutls: Change detection of when to use a linker version script. +Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +** doc: Change license on the manual to GFDLv1.3+. + +** doc: GTK-DOC fixes for new splitted configuration system. + +** doc: Texinfo stylesheet uses white background. + +** tests: Add cve-2008-4989.c self-test. +Tests regressions of the GNUTLS-SA-2008-3 security problem, and the +follow-on problem with crashes on length 1 certificate chains. + +** gnulib: Deprecated modules removed. +Modules include memchr and memcmp. + +** Fix warnings and build GnuTLS with more warnings enabled. + +** minitasn1: Internal copy updated to libtasn1 v1.7. + +** API and ABI modifications: +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. 
+GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. + +* Version 2.7.1 (released 2008-10-31) + +** certtool: print a PKCS #8 key even if it is not encrypted. + +** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +** Configuration system modified. +There is now a configure script in lib/ and libextra/ as well, because +gnulib works better with a config.h per gnulib directory. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.0 (released 2008-10-16) + +** libgnutls: Added functions to handle CRL extensions. + +** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. + +** libgnutls: Improved error string for GNUTLS_E_AGAIN. +Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" . + +** certtool: Print and set CRL and CRQ extensions. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko . + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann . + +** libgnutlsxx: Define server_session::get_srp_username even if no SRP. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config. +We now require a libgcrypt that has Camellia constants declared in +gcrypt.h, which means v1.3.0 or later. 
+ +** API and ABI modifications: +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +* Version 2.6.6 (released 2009-04-30) + +** libgnutls: Corrected double free on signature verification failure. +Reported by Miroslav Kratochvil . See the advisory +for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415] + +** libgnutls: Fix DSA key generation. +Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All +DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory +for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Reported by Romain Francoise . Before the +library did not check activation/expiration times on certificates, and +was documented as not doing so. We have realized that many +applications that use libgnutls, including gnutls-cli, fail to perform +proper checks. Implementing similar logic in all applications leads +to code duplication. 
Hence, we decided to check whether the current +time (as reported by the time function) is within the +activation/expiration period of certificates when verifying untrusted +certificates. + +This changes the semantics of gnutls_x509_crt_list_verify, which in +turn is used by gnutls_certificate_verify_peers and +gnutls_certificate_verify_peers2. We add two new +gnutls_certificate_status_t codes for reporting the new error +condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also +add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. + +More details about the vulnerabilities will be posted at +. + +** gnutls-cli, gnutls-cli-debug: Fix AIX build problem. +Reported by LAUPRETRE François (P) in +. + +** tests: Fix linking of tests/openpgp/keyring self-test. +Reported by Daniel Black in . + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.6.5 (released 2009-04-11) + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** GnuTLS no longer uses the libtasn1-config script to find libtasn1. +Libtasn1 0.3.4 or later is required. This is to align with the +upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.4 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. 
The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks . + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill . + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: Fix compile error with Sun CC. +Reported by Jeff Cai in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.3 (released 2008-12-12) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser in +. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. 
+ +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.2 (released 2008-11-12) + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.1 (released 2008-11-10) + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick in +. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko . + +** libgnutls-openssl: Fix patch against X509_get_issuer_name. +It incorrectly returned the subject DN instead of issuer DN in v2.6.0. +Thanks to Thomas Viehmann for report. + +** certtool: Print a PKCS #8 key even if it is not encrypted. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.0 (released 2008-10-06) + +** libgnutls: Correct printing and parsing of IPv6 addresses. + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann . + +** certtool: Use inet_pton for parsing IPv6 addresses. 
+ +** Major changes compared to the v2.4 branch: + +*** Added API to replace and update the crypto backend. + +*** certtool: can add several subject alternative names via template file. + +*** opencdk: Parse (but not decrypt) encrypted secret keys. + +*** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +*** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. + +*** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. + +*** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +*** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +*** libgnutls: New API to set the public parameters in a certificate request +*** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. + +*** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +*** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. + +*** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +*** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. 
When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +*** API/ABI changes in GnuTLS 2.6 +No functions have been removed or modified. The library should be +fully backwards compatible on both the source and binary level. + +A new header file have been added. It contains +definitions related to replacing the internal crypto functionality. +All definitions and the header itself is experimental but supported. + +We have realized that the symbols TLS_MASTER_SIZE and TLS_RANDOM_SIZE +does not use the normal namespace. We have added GNUTLS_MASTER_SIZE +and GNUTLS_RANDOM_SIZE, but the old symbols are still defined. + +The following functions have been added to libgnutls: + +GNUTLS_MASTER_SIZE +GNUTLS_RANDOM_SIZE +gnutls_crypto_bigint_register2 +gnutls_crypto_cipher_register2 +gnutls_crypto_digest_register2 +gnutls_crypto_mac_register2 +gnutls_crypto_pk_register2 +gnutls_crypto_rnd_register2 +gnutls_crypto_single_cipher_register2 +gnutls_crypto_single_digest_register2 +gnutls_crypto_single_mac_register2 +gnutls_ext_register +gnutls_pk_get_id +gnutls_pk_get_name +gnutls_pk_list +gnutls_session_set_finished_function +gnutls_sign_get_id +gnutls_sign_get_name +gnutls_sign_list +gnutls_srp_set_prime_bits: +gnutls_strerror_name +gnutls_x509_crq_set_key_rsa_raw +gnutls_x509_crt_set_crl_dist_points2 +gnutls_x509_crt_set_subject_alt_name + +The following functions have been added to libgnutls-extra: + +gnutls_register_md5_handler + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.9 (released 2008-09-29) + +** libgnutls: Fix several memory leaks. +Reported by Sam Varshavchik . + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: crypto.h gnutls_pk_params_st changes allocation strategy. +The parameters are now allocated in the structure itself. + +** doc: Texinfo HTML manual uses a stylesheet to improve readability. 
+ +** tests: Scripts now use EXEEXT properly. +Modern libtool doesn't create wrapper script, so the self tests need +to invoke certtool.exe under MinGW32+Wine. + +** Uses autoconf 2.63, automake 1.10.1, libtool 2.2.6a. +Automake warnings are now also enabled. + +** API and ABI modifications: +gnutls_pk_params_st: MODIFIED + +* Version 2.5.8 (released 2008-09-21) + +** certtool: updated so it can add several subject alternative names using +the template file. + +** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers. + +** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick + in . + +** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc. +Also fix overflows in calls to those functions. Reported by Werner +Koch . + +** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +** Opencdk: Add calls to gnutls_assert to ease debugging. + +** Indent code. + +** API and ABI modifications: +gnutls_srp_set_prime_bits: ADDED +gnutls_register_md5_handler: ADDED +gnutls_x509_crt_set_crl_dist_points2: ADDED +gnutls_x509_crt_set_subject_alt_name: ADDED + +* Version 2.5.7 (released 2008-09-16) + +** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Fix libgnutls shared library version. +It wasn't properly incremented after adding symbols in the last +release. + +** manual: Now mention supported public key and public key signing algorithms. 
+ +** tests/openssl: initialize gnutls before use. + +** tests/setcredcrash: New test to catch regressions of gnutls_credentials_set. + +** GTK-DOC manual: mention new symbols in 2.6.x. Mention crypto.h functions. + +** API and ABI modifications: +gnutls_sign_get_name: ADDED +gnutls_pk_get_name: ADDED + +* Version 2.5.6 (released 2008-09-08) + +** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. Suggested by Sam +Varshavchik . + +** libgnutls: Refactor and clean up some code. + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli: Improve --list output to include public key and signature algs. + +** gnutls-cli, gnutls-serv: Remove --copyright parameter. +Use standard --version to get license info. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby . + +** tests: New self-test pgps2kgnu to test parsing of encrypted secrets. +Contributed by Daniel Kahn Gillmor . + +** API and ABI modifications: +gnutls_pk_list: ADDED +gnutls_pk_get_id: ADDED +gnutls_sign_list: ADDED +gnutls_sign_get_id: ADDED + +* Version 2.5.5 (released 2008-08-29) + +** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +** libgnutls: Fix include paths so that building with internal libtasn1 works. +Reported by "jth.net ApS" . + +** libgnutls: Fix segmentation fault when generating private keys. +Reported by Daniel Kahn Gillmor . + +** libgnutls: Remove code to import certificate chains in PKCS#7 format. +The code has not worked since v0.9.0 and apparently nobody has missed +it, so we decided to remove the code rather than fix it. If you have +old certificate chains stored in PKCS#7 format, you can convert them +to a list of PEM certificates by using 'certtool --p7-info'. Reported +by Christian Grothoff . + +** opencdk: Parse (but not decrypt) encrypted secret keys. 
+Contributed by Daniel Kahn Gillmor . + +** libgnutls: Fix many warnings. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** Add French translation, thanks to Nicolas Provost. + +** API and ABI modifications: +gnutls_strerror_name: ADDED + +* Version 2.5.4 (released 2008-08-19) + +** Fix secure memory initialization of libgcrypt. +Reported by Joe Orton in +. + +** Doc fixes. +Reference to NIST SP 800-57 in the manual on key size recommendations. +Added 'Since:' tags to new APIs for gtk-doc. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.3 (released 2008-08-14) + +** libgnutls: New API to set the public parameters in a certificate request +** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. Inspired by +discussion with "Zach C." . + +** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +** libgnutls: Drop final comma after GNUTLS_CRT_PRINT_UNSIGNED_FULL in enum. +Reported in . + +** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. +The new names are GNUTLS_MASTER_SIZE and GNUTLS_RANDOM_SIZE. The old +names are mapped to the new names in compat.h. These mappings will +likely be removed more quickly than other mappings in that file due to +the namespace violation. + +** libgnutlsxx: Make it build when SRP is disabled. + +** doc: Add doxygen files in doc/doxygen/. + +** API and ABI modifications: +gnutls_x509_crq_set_key_rsa_raw: ADDED +gnutls_session_set_finished_function: ADDED +gnutls_finished_callback_func: ADDED +GNUTLS_MASTER_SIZE: ADDED +GNUTLS_RANDOM_SIZE: ADDED +TLS_MASTER_SIZE: DEPRECATED +TLS_RANDOM_SIZE: DEPRECATED + +* Version 2.5.2 (released 2008-07-08) + +** libgnutls: Fix bug in gnutls_dh_params_generate2. +The prime and generator was swapped. 
+ +** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +** Move more code for TLS/IA extension from libgnutls to libgnutls-extra. +This was made possible by using the new gnutls_ext_register interface. +The TLS/IA functionality has only been supported through the +libgnutls-extra library, so it makes sense for the code to belong +there too. + +** API and ABI modifications: +gnutls_ext_recv_func: ADDED +gnutls_ext_send_func: ADDED +gnutls_ext_parse_type_t: ADDED +gnutls_ext_register: ADDED + +* Version 2.5.1 (released 2008-07-02) + +** Indent code. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.0 (released 2008-07-02) + +** Port fixes from v2.4.1 release, see below. + +** Added API to replace and update the crypto backend. +The header gnutls/crypto.h is now officially supported, and declares +the symbols below. + +** Rewritten opencdk crypto backend, to use the gnutls internal one. + +** Update gnulib and translations. +The gnulib gc crypto code has been removed since it was never finished +and is no longer even used. An internal non-libgcrypt crypto +implementation may be added in the future, but we'll decide that later +on. + +** API and ABI modifications: +gnutls_crypto_bigint_register2: ADDED. +gnutls_crypto_cipher_register2: ADDED. +gnutls_crypto_digest_register2: ADDED. +gnutls_crypto_mac_register2: ADDED. +gnutls_crypto_pk_register2: ADDED. +gnutls_crypto_rnd_register2: ADDED. +gnutls_crypto_single_cipher_register2: ADDED. +gnutls_crypto_single_digest_register2: ADDED. +gnutls_crypto_single_mac_register2: ADDED. + +* Version 2.4.3 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. 
+Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes in +. + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . 
[CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: Avoid use of non-thread safe strerror. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.2 (released 2008-09-15) + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Corrected memory leak in X.509 functions. +Thanks to Colin Leroy . + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby . + +** tests/openssl: initialize gnutls before use. +Fixes crash with libgcrypt 1.4.2. Reported by Ludovic Courtes +. + +** doc/: Fix texinfo markup for old texinfo versions. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.1 (released 2008-06-30) + +** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2] +If the gnutls_handshake function is called for a normal session, which +can happen for re-handshakes, the library would crash because it tried +to hash some data using a libgcrypt handle that had been deallocated. +Report and tiny patch from Tomas Mraz . Any updates +with more details about this vulnerability will be added to + + +** libgnutls: Fix memory leaks when doing a re-handshake. +Reported by Sam Varshavchik in +. + +** Fix compiler warnings. +Reported by Massimo Gaspari in +. + +** Fix ordering of -I's to avoid opencdk.h conflict with system headers. +Reported by Roman Bogorodskiy in +. + +** srptool: Fix a problem where --verify check does not succeed. +Report and tiny patch by Matthias Koenig in +. + +** API and ABI modifications: +No changes since last version. 
+ +* Version 2.4.0 (released 2008-06-19) + +** Major changes compared to the v2.2 branch: + +*** The OpenPGP sub-system has been improved and now supports subkeys. + +*** The PSK sub-system has been improved and now supports password +*** derivation and PSK identity hints. +The password derivation algorithms support is documented in +draft-ietf-netconf-tls-02.txt. + +*** The certtool --inder and --outder has been replaced by --inraw and --outraw. +This aligns terminology with OpenPGP, which doesn't use DER encoding. +The old parameters will continue to work for some time. + +*** Certtool now confirm passwords and changes permissions of private key files. + +*** The default handshake size limit has been increased to 48kb. +It appears as if some valid handshakes are large due to sending many +CA certificates. (The earlier limit was 16kb.) + +*** LZO compression is now disabled by default. +The main reason is that LZO compression in TLS is not standardized, +but license compatiblity issues with minilzo triggered us to make this +decision now. + +*** Improvements for cross-compilation to Windows and OpenWRT. + +*** The look of the GTK-DOC manual has been improved. +Major developer visible changes compared to the v2.2 branch: + +*** Full OpenPGP support is part of libgnutls, licensed under the LGPL. + +*** New APIs to access the raw X.509 Subject and Issuer DN's and +*** elements from the certificate credentials structure. +Thanks to Joe Orton. + +*** New APIs to improve working with username/passwords and PSK. + +*** Names of constants to affect certificate printing changed. +The constants are used for OpenPGP too, which the names didn't +reflect, so the following name change has been made: + + Old name New name + GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL + GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE + GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL + +The old names will be mapped to the new names for some time. 
+ +*** The function gnutls_openpgp_privkey_get_id has been renamed to +*** gnutls_openpgp_privkey_get_key_id. +A compatibility mapping exists to avoid breaking API backwards +compatibility. + +*** Replaced all uses of alloca with malloc and free. + +*** We no longer build with -D_REENTRANT -D_THREAD_SAFE. +We have been unable to find a documented rationale for this practice. + +*** Of course, many smaller fixes have been made, see the ChangeLog file. + +*** API/ABI changes in GnuTLS 2.4 +All OpenPGP related functions have been moved from libgnutls-extra to +libgnutls, and several new functions have been added (see below). +Before making the release, we discussed whether moving functions from +libgnutls-extra to libgnutls would require us to increment the ABI +version, but the general opinion was that this would not be required. +All older functions continue to work the same. We are open to the +possibility that this decision will lead to problem on some platform, +and if it turns out that the Right Thing should have been to increment +the shared library version, we would need to release an update within +the 2.4.x branch that increments the shared library version. + +This release adds the following functions: + + gnutls_psk_client_get_hint + gnutls_psk_set_server_credentials_hint + gnutls_psk_netconf_derive_key + + Used to get/set the PSK identity hint, and derive PSK keys from + passwords a'la netconf. + + gnutls_x509_dn_deinit + gnutls_x509_dn_export + gnutls_x509_dn_import + gnutls_x509_dn_init + + Used to handle X.509 Certificate DN's directly. + + gnutls_hex2bin + + Converts a data buffer to hex. Useful for handling PSK/SRP shared + secrets. + + gnutls_certificate_get_x509_cas + gnutls_certificate_get_x509_crls + gnutls_certificate_get_openpgp_keyring + + Functions for direct access to credential elements. 
+ + gnutls_openpgp_crt_get_auth_subkey + gnutls_openpgp_crt_get_key_id + gnutls_openpgp_crt_get_pk_dsa_raw + gnutls_openpgp_crt_get_pk_rsa_raw + gnutls_openpgp_crt_get_preferred_key_id + gnutls_openpgp_crt_get_revoked_status + gnutls_openpgp_crt_get_subkey_count + gnutls_openpgp_crt_get_subkey_creation_time + gnutls_openpgp_crt_get_subkey_expiration_time + gnutls_openpgp_crt_get_subkey_fingerprint + gnutls_openpgp_crt_get_subkey_id + gnutls_openpgp_crt_get_subkey_idx + gnutls_openpgp_crt_get_subkey_pk_algorithm + gnutls_openpgp_crt_get_subkey_pk_dsa_raw + gnutls_openpgp_crt_get_subkey_pk_rsa_raw + gnutls_openpgp_crt_get_subkey_revoked_status + gnutls_openpgp_crt_get_subkey_usage + gnutls_openpgp_crt_print + gnutls_openpgp_crt_set_preferred_key_id + gnutls_openpgp_keyring_get_crt + gnutls_openpgp_keyring_get_crt_count + gnutls_openpgp_privkey_export + gnutls_openpgp_privkey_export_dsa_raw + gnutls_openpgp_privkey_export_rsa_raw + gnutls_openpgp_privkey_export_subkey_dsa_raw + gnutls_openpgp_privkey_export_subkey_rsa_raw + gnutls_openpgp_privkey_get_fingerprint + gnutls_openpgp_privkey_get_key_id + gnutls_openpgp_privkey_get_pk_algorithm + gnutls_openpgp_privkey_get_preferred_key_id + gnutls_openpgp_privkey_get_revoked_status + gnutls_openpgp_privkey_get_subkey_count + gnutls_openpgp_privkey_get_subkey_creation_time + gnutls_openpgp_privkey_get_subkey_expiration_time + gnutls_openpgp_privkey_get_subkey_fingerprint + gnutls_openpgp_privkey_get_subkey_id + gnutls_openpgp_privkey_get_subkey_idx + gnutls_openpgp_privkey_get_subkey_pk_algorithm + gnutls_openpgp_privkey_get_subkey_revoked_status + gnutls_openpgp_privkey_set_preferred_key_id + + New OpenPGP related functions. + + The function gnutls_openpgp_crt_get_key_id is the same as the old + from gnutls_openpgp_crt_get_id, see above. + +The release also adds a new header file 'gnutls/crypto.h', however it +is currently not used. + +** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys. 
+Contributed by Daniel Kahn Gillmor . + +** API and ABI modifications: +gnutls_openpgp_crt_get_subkey_fingerprint: ADDED. +gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED. + +* Version 2.3.15 (released 2008-06-15) + +** Disable the openpgp-certs self-tests. +It results in failure under Wine and doesn't work on Debian buildds. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.14 (released 2008-06-11) + +** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour. +An OpenPGP certificate is now only considered verified if all the user +IDs are verified. + +** Examples: Make C++ example compile. +Earlier it may have failed with an unresolved reference to strlen. + +** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid. +Reported by Sam Varshavchik . + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.13 (released 2008-06-07) + +** libgnutls [OpenPGP]: Make OpenPGP handshakes work again. + +** doc/: Add psktool to info index. Some minor cleanups. + +** tests/: Added non-forking TLS handshake test, see tests/mini.c. + +** tests/: Added libgcrypt.supp which can be used with valgrind. +The file suppresses the known libgcrypt memory leaks, so they aren't +printed when you run valgrind on the gnutls self-tests. Use it as +follows: valgrind --suppressions=libgcrypt.supp ./x509self or add +'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your +~/.valgrindrc file. + +** tests/: Reduce amount of debugging output by default. +Use --verbose for each test to get the full output. + +** tests/: Fix memory leaks in several self-tests. +None of the self tests should be leaking memory when running valgrind +or similar tools. (Known exceptions are dhepskself, pskself, and +set_pkcs12_cred, which appear likely to be due to memory leaks in the +library.) + +** API and ABI modifications: +No changes since last version. 
+ +* Version 2.3.12 (released 2008-06-04) + +** Merge gnutls_with_netconf branch. + +*** libgnutls [PSK]: New API to retrieve PSK identity hint in client. +The function is gnutls_psk_client_get_hint. + +*** libgnutls [PSK]: New API to set PSK identity hint in server. +The function is gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support server key exchange with PSK identity hint. +In the client, the message is parsed and the application can use +gnutls_psk_client_get_hint to retrieve the hint. In the server, the +message is sent if the application has specified a PSK identity hint +using gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support Netconf PSK key derivation. +The function gnutls_psk_netconf_derive_key supports the PSK key +derivation as specified in draft-ietf-netconf-tls-02.txt. New self +test netconf-psk.c. + +*** psktool: Support new --netconf-hint to generate PSK key from password. +Uses the Netconf algorithm to derive PSK key from password. + +*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint. + +*** gnutls-cli: Always support PSK modes, through a callback. +The callback will derive a PSK key using Netconf algorithm. It will +print the PSK identity hint to help the user. + +*** New PSK example client and server. +See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c. + +** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms. +The code didn't work properly on platforms where 'char' is unsigned, +when you set version 0. Reported by Laurence Withers + in +. + +** libgnutls-openssl: added RAND_pseudo_bytes API. +Patch from Robert Millan . + +** API and ABI modifications: +RAND_pseudo_bytes: ADDED to libgnutls-openssl. +gnutls_psk_client_get_hint: ADDED. +gnutls_psk_set_server_credentials_hint: ADDED. +gnutls_psk_netconf_derive_key: ADDED + +* Version 2.3.11 (released 2008-05-20) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. 
+The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler + in +. + +** Don't use gnulib headers when building C++ library. +Fixes builds under Windows. + +** Make umask a requirement. +We don't know of any system that lacks it, even GNU CoreUtils use it +unconditionally. + +** Update gnulib files. +Fixes a problem where it pulled in a replacement for memcmp under +MinGW, which caused the C++ example to fail to build. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.10 (released 2008-05-19) + +** Added wide wildcard hostname matching. +Tiny patch by Jean-Philippe Garcia Ballester. + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to + + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. 
The bug +cause gnutls to read memory beyond the end of the received record. + +** libgnutlsxx: Updated API according to patches from Eduardo +Villanueva Che (discussion at +) + +** Use umask to restrict permissions to owner before creating a file. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.9 (released 2008-05-16) + +** libgnutls: Fix build failures if SRP/OpenPGP is disabled. +Based on report and tiny patches from +, see +. + +** libgnutls: Translation fixes. + +** gnutls-cli: Fix so that PSK authentication works. +Also improve manual to give example for gnutls-cli PSK authentication. + +** certtool: Encrypting a private key now require a confirmed password. +Before './certtool -k -8' would merely ask for a password once. +Reported by Daniel 'NebuchadnezzaR' Dehennin + see +. + +** certtool: When writing private keys to files, change permissions of file. +Now the file which the private key is saved to is chmod'ed 0600. +Reported by martin f krafft see +. + +** guile: Fix -fgnu89-inline test. + +** Removed --enable-profile-mode. +The code linked gnutls with the libfc project (Function Check) which +appears to have been stalled since around 2002. + +** Clean up header file checks by ./configure. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.8 (released 2008-04-29) + +** libgnutls: Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber and "Marc F. Clemente" + for reporting and providing test servers. + +** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE +Returned when the handshake data size is too large. Before +GNUTLS_E_MEMORY_ERROR was used, which could be confused with other +error situations. 
+ +** libgnutls: Hide definitions in crypto.h. +We have decided that the APIs defined in crypto.h are not stable +enough for v2.4, so don't use any of those functions. + +** gnutls-cli: exit when hostname doesn't match certificate. +Use --insecure to avoid hostname comparison. + +** certtool: --inder and --outder replaced by --inraw and --outraw. +The reason is to align terminology with OpenPGP, which doesn't use +DER. The old parameters will continue to work for some time. + +** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual. + +** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings. + +** Mingw32: Revert libgcrypt vasprintf work-around added in last release. +Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the +vasprintf symbol from the libgcrypt library which caused problems. + +** Update of gnulib files. + +** tests: New self-test of crypto.h RNG code tests/crypto_rng. + +** API and ABI modifications: +GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED. + +* Version 2.3.7 (released 2008-04-21) + +** opencdk now properly sets the key usage bits into openpgp keys. + +** gnutls-cli: Fix crash on TLS handshake failures. +Reported by "Marc F. Clemente" in Debian BTS #466477. +This is similar to . + +** certtool: with --generate-request and newly generated keys, print the key. + +** Build fixes for MinGW. +Missing rpl_fseeko symbol in lib/opencdk/. Better checks for linking +with -lws2_32 when needed. Use ASCII only isprint() when printing +X.509 certificate information, to avoid non-ASCII but printable +characters. Thanks to Massimo Gaspari for +reports. + +** Update internal copy of libtasn1 to version 1.4. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.6 (released 2008-04-17) + +** Make gnutls_x509_crq_sign2 set certificate request version if not set. +** Improve documentation for gnutls_x509_crq_sign2. +Based on report from "John Brooks" in +. 
+ +** tests/pathlen: run diff without parameters to improve portability. +Based on HPUX build hints in +. + +** Don't use %e specifier with strftime, it doesn't work under Windows. +Reported by Massimo Gaspari in +. + +** Remove all uses of gnutls_alloca/gnutls_afree. +Use normal gnutls_malloc instead. One reason is increased portability +to Windows, the other is that several of the uses may be unsafe +because the size of data allocated could be large. Reported by +Massimo Gaspari in +. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas in +. + +** Several GTK-DOC related fixes. + +** Clean up OpenCDK related code. +GnuTLS now requires its internal OpenCDK code rather than the external +GPL library OpenCDK. Unfortunately, we don't have resources to +maintain an external library (help welcome). + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.5 (released 2008-04-14) + +** Build fix for MinGW and --disable-shared. +Reported by Massimo Gaspari in +. + +** Document how to generate CRLs. +Suggested by "Rainer Gerhards" . + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Several minor fixes in the OpenPGP interface. +Thanks to Daniel Kahn Gillmor. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers , see +. + +** Translations files not stored directly in git to avoid merge conflicts. + +** New APIs to let applications replace the RNG used. +Update all RNG callers in the code to use the new interface. + +** Guile code now built with -fgnu89-inline to fix inline semantic problem. + +** Update gnulib files. 
+ +** API and ABI modifications: +gnutls_crypto_rnd_register: ADDED +gnutls_rnd_level_t: ADDED +GNUTLS_RND_KEY: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_RANDOM: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_NONCE: ADDED, gnutls_rnd_level_t member +gnutls_crypto_rnd_st: ADDED +GNUTLS_DIG_SHA224: ADDED +GNUTLS_SIGN_RSA_SHA224: ADDED +gnutls_openpgp_crt_get_auth_subkey: MODIFIED + +* Version 2.3.4 (released 2008-03-19) + +** Finish renaming of gnutls_certificate_export_x509_cas etc. +They weren't renamed in the public header file. + +** Added functions to register a cipher/mac/digest. This allows to +override the included ones. + +** Fix a bunch of compiler warnings. + +** API and ABI modifications: +gnutls_crypto_cipher_st: ADDED +gnutls_crypto_mac_st: ADDED +gnutls_crypto_digest_st: ADDED +gnutls_crypto_cipher_register: ADDED +gnutls_crypto_mac_register: ADDED +gnutls_crypto_digest_register: ADDED +GNUTLS_E_CRYPTO_ALREADY_REGISTERED: ADDED + +* Version 2.3.3 (released 2008-03-10) + +** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h. +Reported by Roman Bogorodskiy . + +** No longer compiled using -D_REENTRANT -D_THREAD_SAFE. +We could not find any modern justification for enabling these flags by +default. If you know of some platform that needs one of the flags to +work properly, please let us know. (Actually introduced in v2.3.0 but +not documented until now.) + +** Importing many CA certificates are now considerably faster. +This affect gnutls_certificate_set_x509_trust_mem, +gnutls_certificate_set_x509_trust, and +gnutls_certificate_set_x509_trust_file. The complexity was reduced +from O(2*n^2) to O(n). When adding 206 files containing 408 +certificates, using gnutls_certificate_set_x509_trust_file, the time +dropped from 40 seconds to 0.3 seconds. Thanks to Edgar Fuß for code +to trigger the problem. See also +. 
+ +** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name +** to be explicit that it takes zero terminated data. + +** gnutls-cli --print-cert now print PKCS#3 format Diffie-Hellman parameters. + +** Documentation fixes for the GTK-DOC manual. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length, + and char* instead of void* for output buffer. + +* Version 2.3.2 (released 2008-02-26) + +** Fix srcdir!=objdir failure in openpgpself test. + +** Improved API documentation output from GTK-DOC. + +** Added gnutls_x509_dn_export(). Patch by Joe Orton. + +** Renamed gnutls_certificate_export_x509_cas and friends. +See . + +** Internal header files cleanup. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: RENAMED to gnutls_certificate_get_x509_cas +gnutls_certificate_export_x509_crls: RENAMED to gnutls_certificate_get_x509_crls +gnutls_certificate_export_openpgp_keyring: RENAMED to gnutls_certificate_get_openpgp_keyring +gnutls_x509_dn_export: ADDED + +* Version 2.3.1 (released 2008-02-21) + +** OpenPGP support merged into libgnutls and is now licensed under LGPL. +The included copy of OpenCDK has been stripped down and re-licensed +under the LGPL. + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers . + +** gnutls-cli: When -d is used, also prints RNG information from libgcrypt. + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. 
+ +** Add section 'On Record Padding' to the manual. +This collects all problems related to record padding with +Nokia/Sony-Ericsson phones that we know about. + +** Several improvements in the OpenPGP authentication. +Now subkeys can be used for authentication, according to +draft-mavrogiannopoulos-rfc5081bis-00.txt. + +** certtool can print information on OpenPGP certificates and keys. + +** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN. +Patch by Joe Orton. + +** Added gnutls_certificate_export_x509_cas and other functions to +export elements from the certificate credentials structure. Based on +suggestion from Joe Orton. + +** Doc fixes. +Clarify that srp_base64 is not the same as normal base64. + +** Fix non-portable use of brace expansion in makefiles. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: ADDED +gnutls_certificate_export_x509_crls: ADDED +gnutls_certificate_export_openpgp_keyring: ADDED +gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char[8]'. +gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id. 
+gnutls_openpgp_crt_get_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_count: ADDED +gnutls_openpgp_crt_get_subkey_idx: ADDED +gnutls_openpgp_crt_get_subkey_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_crt_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_expiration_time: ADDED +gnutls_openpgp_crt_get_subkey_id: ADDED +gnutls_openpgp_crt_get_subkey_usage: ADDED +gnutls_openpgp_privkey_get_fingerprint: ADDED +gnutls_openpgp_privkey_get_key_id: ADDED +gnutls_openpgp_privkey_get_subkey_count: ADDED +gnutls_openpgp_privkey_get_subkey_idx: ADDED +gnutls_openpgp_privkey_get_subkey_revoked_status: ADDED +gnutls_openpgp_privkey_get_revoked_status: ADDED +gnutls_openpgp_privkey_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_privkey_get_subkey_expiration_time: ADDED +gnutls_openpgp_privkey_get_subkey_id: ADDED +gnutls_openpgp_privkey_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_subkey_pk_rsa_raw: ADDED +gnutls_openpgp_crt_get_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_pk_rsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_dsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_rsa_raw: ADDED +gnutls_openpgp_privkey_export_dsa_raw: ADDED +gnutls_openpgp_privkey_export_rsa_raw: ADDED +gnutls_openpgp_privkey_export: ADDED +gnutls_certificate_set_openpgp_key_file2: ADDED +gnutls_certificate_set_openpgp_key_mem2: ADDED +gnutls_x509_dn_init: ADDED +gnutls_x509_dn_import: ADDED +gnutls_x509_dn_deinit: ADDED +GNUTLS_E_OPENPGP_SUBKEY_ERROR: ADDED +gnutls_hex2bin: ADDED +GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL. +GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE. +GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as + old GNUTLS_X509_CRT_UNSIGNED_FULL. + +* Version 2.3.0 (released 2008-01-08) + +** LZO compression is now disabled by default. +The reason is that LZO compression is not standardized in TLS. 
If you +wish to experiment with it, you will have to supply --with-lzo when +invoking ./configure. The internal copy of minilzo is no longer +included with GnuTLS, so you will need to install liblzo or liblzo2 on +your system to have --with-lzo to be effective. + +** More than one server name field is now sent to the server properly. +Thanks to mark.phillips@virgin.net. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.5 (released 2008-05-19) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. +The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler + in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.4 (released 2008-05-19) + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to + + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. 
The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.3 (released 2008-05-06) + +** Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber and "Marc F. Clemente" + for reporting and providing test servers. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +. + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers , see +. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas in +. + +** Make Camellia encryption work. +Reported by Yoshisato YANAGISAWA in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.2 (released 2008-02-21) + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers . + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. + +** API and ABI modifications: +No changes since last version. 
+ +* Version 2.2.1 (released 2008-01-17) + +** Prevent linking libextra against previously installed libgnutls. +Tiny patch from "Alon Bar-Lev" , see +. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.0 (released 2007-12-14) + +** Update internal copy of libtasn1 to version 1.2. + +** Certtool --verify-chain now handle inputs larger than 64kb. +This fixes the self-test "rsa-md5-collision" under MinGW+Wine with +recent versions of libgcrypt. The problem was that Wine with the +libgcrypt RNG generates huge amounts of debugging output. + +** Translation updates. +Added Dutch translation. Updated Polish and Swedish translation. + +** Major changes compared to the v2.0 branch: + +*** SRP support aligned with newly published RFC 5054. + +*** OpenPGP support aligned with newly published RFC 5081. + +*** Support for DSA2 keys. + +*** Support for Camellia cipher. + +*** Support for Opaque PRF Input extension. + +*** PKCS#8 parser now handle DSA keys. + +*** Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc. +Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier +versions, such as 2.01 which is included with GnuTLS, is available +under GPLv2 or later. If this incompatibility causes problems, we +recommend you to disable LZO using --without-lzo. LZO compression is +not a standard TLS compression algorithm, so the impact should be +minimal. + +*** Functions for disabling record protocol padding. +Works around bugs on Nokia/Ericsson phones. + +*** New functions gnutls_priority_set() for setting cipher priorities easily. +Priorities like "COMPAT" also enables other work arounds, such as +disabling padding. + +*** Other minor improvements and bug fixes. 
+ +** Backwards incompatible API/ABI changes in GnuTLS 2.2 +To adapt to changes in the TLS extension specifications for OpenPGP +and SRP, the GnuTLS API had to be modified. This means breaking the +API and ABI backwards compatibility. That is something we try to +avoid unless it is necessary. We decided to also remove the already +deprecated stub functions for X.509 to XML conversion and TLS +authorization (see below) when we had the opportunity. + +Generally, most applications does not need to be modified. Just +re-compile them against the latest GnuTLS release, and it should work +fine. + +Applications that use the OpenPGP or SRP features needs to be +modified. Below is a list of the modified APIs and discussion of what +the minimal things you need to modify in your application to make it +work with GnuTLS 2.2. + +Note that GnuTLS 2.2 also introduces new APIs -- such as +gnutls_set_priority() that is superior to +gnutls_set_default_priority() -- that you may want to start using. +However, using those new APIs is not required to use GnuTLS 2.2 since +the old functions continue are still supported. This text only +discuss what you minimally have to modify. + +*** XML related changes +The function `gnutls_x509_crt_to_xml' has been removed. It has been +deprecated and only returned an error code since GnuTLS version +1.2.11. Nobody has complained, so users doesn't seem to miss the +functionality. We don't know of any other library to convert X.509 +certificates into XML format, but we decided (long ago) that GnuTLS +isn't the right place for this kind of functionality. If you want +help to find some other library to use here, please explain and +discuss your use case on help-gnutls@gnu.org. 
+ +*** TLS Authorization related changes +Everything related to TLS authorizations have been removed, they were +only stub functions that returned an error code: + + GNUTLS_SUPPLEMENTAL_AUTHZ_DATA + gnutls_authz_data_format_type_t + gnutls_authz_recv_callback_func + gnutls_authz_send_callback_func + gnutls_authz_enable + gnutls_authz_send_x509_attr_cert + gnutls_authz_send_saml_assertion + gnutls_authz_send_x509_attr_cert_url + gnutls_authz_send_saml_assertion_url + +*** SRP related changes +The callback gnutls_srp_client_credentials_function has a new +prototype, and its semantic has changed. You need to rewrite the +callback, see the updated function documentation and SRP example code +(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more +information. + +The alert codes GNUTLS_A_MISSING_SRP_USERNAME and +GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP +specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is +used. There are #define's to map the old names to the new. You may +run into problems if you have a switch-case with cases for both SRP +alerts, since they are now mapped to the same value. The solution is +to drop the SRP alerts from such switch cases, as they are now +deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY. + +*** OpenPGP related changes +The function `gnutls_certificate_set_openpgp_keyserver' have been +removed. There is no replacement functionality inside GnuTLS. If you +need keyserver functionality, consider using the GnuPG tools. + +All functions, types, and error codes related to OpenPGP trustdb +format have been removed. The trustdb format is a non-standard +GnuPG-specific format, and we recommend you to use key rings instead. 
+The following have been removed: + + gnutls_certificate_set_openpgp_trustdb + gnutls_openpgp_trustdb_init + gnutls_openpgp_trustdb_deinit + gnutls_openpgp_trustdb_import + gnutls_openpgp_key_verify_trustdb + gnutls_openpgp_trustdb_t + GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED + +The following functions has an added parameter of the (new) type +`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data +(binary or base64). The functions are: + gnutls_certificate_set_openpgp_key_file + gnutls_certificate_set_openpgp_key_mem + gnutls_certificate_set_openpgp_keyring_mem + gnutls_certificate_set_openpgp_keyring_file + +To improve terminology and align with the X.509 interface, some +functions have been renamed. Compatibility mappings exists. The old +and new names of the affected functions and types are: + + Old name New name + gnutls_openpgp_key_t gnutls_openpgp_crt_t + gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t + gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t + GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT + GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT + gnutls_openpgp_key_init gnutls_openpgp_crt_init + gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit + gnutls_openpgp_key_import gnutls_openpgp_crt_import + gnutls_openpgp_key_export gnutls_openpgp_crt_export + gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage + gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint + gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm + gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name + gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version + gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time + gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time + gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id + gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname + gnutls_openpgp_send_key gnutls_openpgp_send_cert + +** API and 
ABI modifications: +No changes since last version. + +* Version 2.1.8 (released 2007-12-10) + +** The GPL version has been changed from version 2 to version 3. +This affects the self-tests, command-line tools, the libgnutls-extra +library, the relevant guile parts, and the build environment. + +** Added gnutls_x509_crt_get_subject_alt_name2(). + +** Corrected a segfault when setting an empty gnutls_priority_t +at gnutls_priority_set(). + +** Use gettext 0.17 which updates m4/lib-*.m4 macros. +Fixes a problem with spurious -L/usr/lib additions. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_alt_name2: ADD. + +* Version 2.1.7 (released 2007-11-29) + +** PKCS #8 parser can now encode/decode DSA keys. + +** Updated gnutls_set_default_priority2() now renamed to +gnutls_priority_set() and gnutls_priority_set_direct() which +accept a string to indicate preferences of ciphersuite parameters. + +** gnutls-cli and gnutls-serv now have a --priority option to set +the priority string. + +** The gnutls_*_convert_priority() functions were deprecated by +the gnutls_priority_set() and gnutls_priority_set_direct(). + +** Internal copy of OpenCDK upgraded to version 0.6.6. + +** API and ABI modifications: +gnutls_priority_init: ADD. +gnutls_priority_deinit: ADD. +gnutls_priority_set: ADD. +gnutls_priority_set_direct: ADD. +gnutls_set_default_priority2: RENAMED to gnutls_priority_set_direct() +gnutls_mac_convert_priority: REMOVED +gnutls_compression_convert_priority: REMOVED +gnutls_protocol_convert_priority: REMOVED +gnutls_kx_convert_priority: REMOVED +gnutls_cipher_convert_priority: REMOVED +gnutls_certificate_type_convert_priority: REMOVED +gnutls_set_default_priority: UNDEPRECATED +gnutls_set_default_priority_export: UNDEPRECATED + +** Undocumented API and ABI modifications earlier in the 2.1.x series: +GNUTLS_CIPHER_UNKNOWN: ADD. +GNUTLS_CIPHER_CAMELLIA_128_CBC: ADD. +GNUTLS_CIPHER_CAMELLIA_256_CBC: ADD. +GNUTLS_KX_UNKNOWN: ADD. +GNUTLS_COMP_UNKNOWN: ADD. 
+GNUTLS_CRT_UNKNOWN: ADD. +gnutls_mac_get_id: ADD. +gnutls_compression_get_id: ADD. +gnutls_cipher_get_id: ADD. +gnutls_kx_get_id: ADD. +gnutls_protocol_get_id: ADD. +gnutls_certificate_type_get_id: ADD. +gnutls_handshake_post_client_hello_func: ADD. +gnutls_certificate_send_x509_rdn_sequence: ADD prototype to gnutls.h.in. + +* Version 2.1.6 (released 2007-11-15) + +** Corrected bug in decompression of expanded compression data. + +** Added the --to-p8 option to certtool to convert private keys +to PKCS #8 keys. + +** Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code. + +** gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted +private keys. + +** Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM. +During the 2.1.x series the GNUTLS_E_UNKNOWN_HASH_ALGORITHM error code +was renamed to GNUTLS_E_UNKNOWN_ALGORITHM, unfortunately without being +documented. This caused some problems (e.g., debian #450854). To +avoid backwards compatibility problems, this release revert this +change, so that GNUTLS_E_UNKNOWN_HASH_ALGORITHM works just like it has +done in GnuTLS 2.0.x and earlier, and add a new error code +GNUTLS_E_UNKNOWN_ALGORITHM. + +** Fixes several gtk-doc warnings. + +** API and ABI modifications: +GNUTLS_E_UNKNOWN_ALGORITHM: CHANGED. +GNUTLS_E_UNKNOWN_HASH_ALGORITHM: CHANGED. +GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR: ADD. + +* Version 2.1.5 (released 2007-11-01) + +** Fix PKCS#3 parameter export problem. + +** Improve certtool queries, they now print the default value. + +** Fix ABI version. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.4 (released 2007-10-27) + +** Added the --v1 option to certtool, to allow generating X.509 +version 1 certificates. + +** certtool: Add option --disable-quick-random to enable the old behaviour +of using /dev/random to generate keys. + +** Added priority functions that accept strings. 
+ +** Added gnutls_set_default_priority2() which accepts a flag to indicate +priorities preferences. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** The gnutls_certificate_set_openpgp_* functions were modified to include +the format. This makes the interface consistent with the x509 functions. + +** Internal copy of OpenCDK upgraded to version 0.6.5. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_certificate_set_openpgp_key_mem: MODIFIED +gnutls_certificate_set_openpgp_key_file: MODIFIED +gnutls_certificate_set_openpgp_keyring_mem: MODIFIED +gnutls_certificate_set_openpgp_keyring_file: MODIFIED +gnutls_set_default_priority: DEPRECATED +gnutls_set_default_priority_export: DEPRECATED +gnutls_set_default_priority2: ADDED +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED +gnutls_mac_convert_priority: ADDED +gnutls_compression_convert_priority: ADDED +gnutls_protocol_convert_priority: ADDED +gnutls_kx_convert_priority: ADDED +gnutls_cipher_convert_priority: ADDED +gnutls_certificate_type_convert_priority: ADDED +gnutls_openpgp_key_t: RENAMED to gnutls_openpgp_crt_t +gnutls_openpgp_key_status_t: RENAMED to gnutls_openpgp_crt_status_t +gnutls_openpgp_send_key: RENAMED to gnutls_openpgp_send_cert +gnutls_openpgp_key_init: RENAMED to gnutls_openpgp_crt_init +gnutls_openpgp_key_import: RENAMED to gnutls_openpgp_crt_import +gnutls_openpgp_key_export: RENAMED to gnutls_openpgp_crt_export +gnutls_openpgp_key_check_hostname: RENAMED to gnutls_openpgp_crt_check_hostname +gnutls_openpgp_key_get_creation_time: RENAMED to gnutls_openpgp_crt_get_creation_time +gnutls_openpgp_key_get_expiration_time: RENAMED to gnutls_openpgp_crt_get_expiration_time 
+gnutls_openpgp_key_get_fingerprint: RENAMED to gnutls_openpgp_crt_get_fingerprint +gnutls_openpgp_key_get_version: RENAMED to gnutls_openpgp_crt_get_version +gnutls_openpgp_key_get_pk_algorithm: RENAMED to gnutls_openpgp_crt_get_pk_algorithm +gnutls_openpgp_key_get_name: RENAMED to gnutls_openpgp_crt_get_name +gnutls_openpgp_key_deinit: RENAMED to gnutls_openpgp_crt_deinit +gnutls_openpgp_key_get_id: RENAMED to gnutls_openpgp_crt_get_id +gnutls_openpgp_key_get_key_usage: RENAMED to gnutls_openpgp_crt_get_key_usage +gnutls_openpgp_key_verify_ring: RENAMED to gnutls_openpgp_crt_verify_ring +gnutls_openpgp_key_verify_self: RENAMED to gnutls_openpgp_crt_verify_self + +* Version 2.1.3 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** Re-enabled the 256 bit ciphers in the default priorities. + +** Corrected bugs in openpgp key verification using a keyring (both in +gnutls and opencdk) + +** API and ABI modifications: +gnutls_certificate_set_openpgp_keyserver: REMOVED +gnutls_authz_data_format_type_t, +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func, +gnutls_authz_enable, +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: REMOVED. +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.1.2 (released 2007-10-14) + +** Removed all the trustdb code from openpgp authentication. +We now use only the well-specified keyrings. + +** The 256 bit ciphers are not enabled in the default priorities. + +** Added support for DSA2 using libgcrypt 1.3.0. 
+ +** certtool: Fixed data corruption when using --outder. + +** Removed all the xml related stubs and functions. + +** Added capability to set a callback after the client hello is received +by the server in order to adjust parameters before the handshake. + +** SRP was corrected to adhere to the latest draft (published soon as RFC) + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** Updated the DN parser which now prints wrongly decoded values as hex +strings. + +** certtool: Add option --quick-random. +For generating low security test credentials. + +** API and ABI modifications: +gnutls_x509_crt_to_xml: REMOVED +gnutls_openpgp_key_to_xml: REMOVED +gnutls_openpgp_key_verify_trustdb: REMOVED +gnutls_openpgp_trustdb_init: REMOVED +gnutls_openpgp_trustdb_deinit: REMOVED +gnutls_openpgp_trustdb_import: REMOVED +gnutls_certificate_set_openpgp_trustdb: REMOVED +gnutls_srp_client_credentials_function: CHANGED +gnutls_handshake_set_post_client_hello_function: ADDED +gnutls_mac_get_key_size: ADDED +GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED: DEPRECATED. +GNUTLS_A_MISSING_SRP_USERNAME: DEPRECATED +GNUTLS_A_UNKNOWN_SRP_USERNAME: DEPRECATED + +* Version 2.1.1 (released 2007-09-24) + +** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA. +Camellia is only enabled in GnuTLS if the installed libgcrypt has been +compiled with Camellia support. See the libgcrypt documentation on +how to enable it. Unconditionally disable it using the configure +option --disable-camellia. Fixes #1. + +** Properly document in the NEWS file the API change in the last release. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.0 (released 2007-09-20) + +** Support for draft-rescorla-tls-opaque-prf-input-00.txt. +The support is disabled by default. 
Since no value has been allocated +by the IANA for this extension yet, you will need to provide one +yourself by invoking './configure --enable-opaque-prf-input=42'. +Fixes #2. + +** Example code: Fix compilation flaw under MinGW. + +** API and ABI modifications: +gnutls_oprfi_callback_func: ADD, new typedef function prototype. +gnutls_oprfi_enable_client: ADD, new function. +gnutls_oprfi_enable_server: ADD, new function. + +* Version 2.0.4 (released 2007-11-16) + +** Corrected bug in decompression of expanded compression data. + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.3 (released 2007-11-10) + +** This version backports several fixes from the 2.1.x branch. + +** Fixed PKCS #3 parameter export. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** API and ABI modifications: +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED + +* Version 2.0.2 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** certtool: Fixed data corruption when using --outder. + +** Fix configure-time Guile detection. + +** API and ABI modifications: +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.0.1 (released 2007-09-20) + +** New directory doc/credentials/ with test credentials. 
+This collects the test credentials from the web page and from src/. +The script gnutls-http-serv has also been moved to that directory. + +** Update SRP extension type and cipher suite with official IANA values. +This breaks backwards compatibility with SRP in older versions of +GnuTLS, but this is intentional to speed up the adoption of the +official values. The old values we used were incorrect. + +** Guile: Fix `x509-certificate-dn-oid' + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.0 (released 2007-09-04) + +** Included copy of Libtasn1 upgraded to version 1.1. + +** Disable building of some examples if anonymous ciphers are disabled. + +** Don't build examples for disabled features. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.19 (released 2007-08-27) + +** Fix gnutls_error_is_fatal so that positive "errors" are non-critical. +This solves connection problems in mutt, see +. + +** Update gnulib files. +In particular, the getpass module -- with its dependencies on getline, +getdelim, fseeko etc -- where moved from the lgl/ (used by the core +library) directory to the gl/ directory (only used by the command line +tools). The reason is that getpass is now only used by the +command-line tools, and reducing the number of gnulib modules linked +to the core library helps portability and reduces size. + +** Fix warnings. + +** Disable building of PGP examples if PGP is disabled. + +** Included copy of OpenCDK upgraded to version 0.6.4. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.18 (released 2007-08-16) + +** Install images for the info manual. +This has a side effect of renaming the images. See + for +discussions on the approach chosen. + +** Fix pointer mix to variables of different size. +Patch extracted from +. + +** Fix warnings during build. +Thanks to Andreas Metzler . + +** API and ABI modifications: +No changes since last version. 
+ +* Version 1.7.17 (released 2007-08-15) + +** New functions to perform external signing. +Set the signing callback function (of the gnutls_sign_func prototype) +using the gnutls_sign_callback_set function. In the callback, you may +find the new functions gnutls_x509_privkey_sign_hash and +gnutls_openpgp_privkey_sign_hash useful. A new function +gnutls_sign_callback_get is also added, to retrieve the function +pointer. Thanks to "Alon Bar-Lev" for +comments and testing. + +** New self test of client and server authenticated X.509 TLS sessions. +See tests/x509self.c and tests/x509signself.c. The latter also tests +the new external signing callback interface. + +** New errors GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX. +These two actually describe the outer limits of a range of error codes +reserved to the application. All of the errors are treated as fatal +by the library (it has to since it doesn't know the semantics of the +error codes). This can be useful in callbacks, to signal some +application-specific error condition, which will usually eventually +cause some gnutls API to return the same error code as the callback, +which then can be inspected by the application. Note that error codes +are negative. + +** gnutls_set_default_priority now disable TLS 1.2 by default. +The RFC is not released yet, and we're approaching a major release so +let's not enable it just yet. + +** Fix namespace so that gnutls_*_t is used consistently. +Before, many places in the GnuTLS code used the old deprecated type +names without the '_t' suffix. + +** Build fixes for Guile code. +Patch from Ludovic Courtes . + +** More documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes . + +** Updated Polish and Swedish translations. +Thanks to Jakub Bogusz and Daniel Nylander +. + +** API and ABI modifications: +gnutls_sign_func: ADD, new type for sign callback. 
+gnutls_sign_callback_set: ADD, new function to set sign callback. +gnutls_sign_callback_get: ADD, new function to retrieve sign callback. +gnutls_x509_privkey_sign_hash, +gnutls_openpgp_privkey_sign_hash: ADD, new functions useful in sign callback. +GNUTLS_E_APPLICATION_ERROR_MIN, +GNUTLS_E_APPLICATION_ERROR_MAX: ADD, new CPP #defines for error codes. + +* Version 1.7.16 (released 2007-08-07) + +** Fix sanity checks and return values in certificate selection. +In some cases, GnuTLS omitted to report suitable error codes when no +suitable certificate was found. + +** Fix gnutls-cli starttls EOF on Mac OS X. +Thanks to Hal Eden . + +** Documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.15 (released 2007-07-02) + +** Fix self-tests key-id under mingw32. + +** Test that the Guile header files are recent enough to work. +Before we just tested that the command line tool 'guile' was recent +enough, which may not be sufficient if you still have an old +libguile.h header installed. + +** Guile bindings are now installed under $prefix by default. +Use --without-guile-site-dir to install it under $pkgdatadir/site/ +where $pkgdatadir is as returned by "guile-config info pkgdatadir". +Use --with-guile-site-dir=/your/own/path to specify the path manually. +The default, --with-guile-site-dir, will install the Guile bindings +under $datadir/guile/site. There is a new section 'Guile +Preparations' in the manual that discuss these issues. + +** Fix run-time library path ordering in linking the Guile bindings. + +** Improved manual on downloading, installing, getting help, bug reports etc. +Suggested by Ludovic Courtès . + +** Add Malay message translations. +Thanks to Sharuzzaman Ahmat Raslan . + +** API and ABI modifications: +No changes since last version. 
+ +* Version 1.7.14 (released 2007-06-26) + +** Don't enable Guile bindings unless we have Guile 1.8 or later. +Patch from Ludovic Courtès . + +** Fix memory leak during DSA signature verification. +Patch from Ludovic Courtès . + +** Fix crash in gnutls-cli when TLS handshake fails. +Reported by Marc Haber and Andreas +Metzler via Debian BTS #429183, see +. + +** Minor OpenPGP fixes in stream_to_datum. +Patch from Timo Schulz and Ludovic Courtès +. + +** Fix off-by-one in TLS 1.2 handshake. +Patch from Ludovic Courtès . + +** Minor Guile binding self-test cleanup. +Patch from Ludovic Courtès . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.13 (released 2007-06-11) + +** OpenCDK copy updated to version 0.6.3. + +** Build fixes for GnuTLS Guile bindings. +Patch from Ludovic Courtès . + +** Build fix for GTK-DOC manual. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.12 (released 2007-06-08) + +** Guile bindings for GnuTLS have been included. +Contributed by Ludovic Courtès . There is a +new chapter 'Guile Bindings' in the manual. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen , see + and +. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko , see +. + +** Fix mem leaks. +Reported by Dennis Vshivkov , see +. Added +self-test tests/parse_ca.c to test regressions. + +** Fix build failures related to missing images in manual. +Reported by Andreas Metzler . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.11 (released 2007-05-26) + +** Include opencdk.h in the release. +Reported by Roman Bogorodskiy . + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.10 (released 2007-05-25) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen . 
+ +** Update of gnulib files. + +** GnuTLS is now developed in GIT instead of CVS. +See for a public repository. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.7.9 (released 2007-05-12) + +** X.509 certificates are preferred over OpenPGP keys. +This is a change in the semantics of gnutls_set_default_priority. + +** The included copy of OpenCDK has been updated to 0.6.1. +There has been some API changes in OpenCDK, and the GnuTLS layer have +been modified as well. Note that while there are API/ABI incompatible +changes in OpenCDK, this does not influence GnuTLS's API/ABI because +its API/ABI have not changed. From this version on, GnuTLS requires +OpenCDK 0.6.0 or later. + +** Fix build failure caused by missing doc/gnutls-logo.pdf. + +** Change certtool's default serial number from 0 to a time-based value. + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Fix mem leaks in gnutls_x509_crt_print. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.8 (released 2007-04-16) + +** Added examples for the authorization extension. +See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c. + +** The examples only use gnutls_set_default_priority(). +The exception is when DH_ANON is needed. + +** Improve gnutls_set_default_priority() priorities. +The new approach is for it to try and negotiate all secure and +standard mechanisms available. 
Currently, DH_ANON ciphersuites and +LZO compressions are not enabled by default, because they are, +respectively, insecure and non-standardized. Note that TLS 1.2 will +not be enabled by default in non-experimental release until it has +been approved by the IETF. + +** gnutls-cli and gnutls-serv now uses the library's default priorities. +This means that to get DH_ANON and LZO compression, you'll need to +specify that manually using '--kx anon' or '--comp lzo'. + +** Minor fixes to the human display format of X.509 certificates. + +** New APIs to extract Distinguished Name's from X.509 certificates. +Based on patch from Howard Chu . + +** Improved library searching for opencdk. +It will now add the appropriate -R or -Wl,-rpath flags as necessary. +The deprecated opencdk.m4 is no longer used. + +** New APIs to list supported algorithms in the library. +The APIs are gnutls_cipher_list, gnutls_mac_list, +gnutls_compression_list, gnutls_protocol_list, +gnutls_certificate_type_list, gnutls_kx_list, and +gnutls_cipher_suite_info. Suggested by Howard Chu . + +** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys. + +** New configure option --disable-tls-authorization to disable tls-authz. + +** Fix prototype for `gnutls_psk_set_client_credentials'. +The last parameter was renamed from 'flags' to 'format' and the type +changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type), +which shouldn't cause any ABI changes. Reported by ludo@chbouib.org +(Ludovic Courtès). + +** Fix allocation in gnutls_certificate_set_openpgp_key. +Tiny patch from ludo@chbouib.org (Ludovic Courtès). + +** API and ABI modifications: +gnutls_x509_dn_t: ADD. +gnutls_x509_ava_st: ADD. +gnutls_x509_crt_get_subject, +gnutls_x509_crt_get_issuer: ADD. +gnutls_x509_dn_get_rdn_ava: ADD. +gnutls_cipher_list: ADD. +gnutls_mac_list: ADD. +gnutls_compression_list: ADD. +gnutls_protocol_list: ADD. +gnutls_certificate_type_list: ADD. +gnutls_kx_list: ADD. +gnutls_cipher_suite_info: ADD. 
+ +* Version 1.7.7 (released 2007-02-22) + +** Support for supplemental handshake messages and authorization data. +Supplemental data is described in RFC 4680 and the authorization +extensions in draft-housley-tls-authz-extns-07. + +** Support for authorization data in gnutls-cli and gnutls-serv. +New parameters --authz-x509-attr-cert and --authz-saml-assertion. + +** Fix for gnutls_x509_crt_check_hostname. +Before it would have reported that the certificate matched a hostname +when it did not have any dNSName or any CN field. Report and tiny +patch from "Richard W.M. Jones" . + +** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname. +Tests regressions of the bug, and several other features. + +** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's. +Before there were no support for iPAddress SAN's during comparison. + +** New API to print information about CRL's. +The function is gnutls_x509_crl_print. + +** New API to extract signature value from CRL's. +The function is gnutls_x509_crl_get_signature. + +** Support for directoryName Subject Alternative Name's. +The gnutls_x509_crt_get_subject_alt_name function returns the DN as a +string in the provided buffer. + +** Internal improvements to certtool. +It uses gnutls_x509_crl_print to print CRL information. It uses some +more gnulib modules to simplify error handling. + +** API and ABI modifications: +GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element. +gnutls_supplemental_data_format_type_t: ADD. +gnutls_authz_data_format_type_t: ADD. +gnutls_supplemental_get_name: ADD. +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func: ADD, callback prototypes. +gnutls_authz_enable: ADD. +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: ADD. +GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element. +gnutls_x509_crl_print: ADD. 
+gnutls_x509_crl_get_signature: ADD. + +* Version 1.7.6 (released 2007-02-12) + +** Support for 'otherName' Subject Alternative Names. +The existing API gnutls_x509_crt_get_subject_alt_name may now return +the new type GNUTLS_SAN_OTHERNAME together with the otherName value. +To find out the otherName OID (necessary for proper parsing of the +value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid. +For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will +return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to +simplify OID matching. Suggested by Matthias Wimmer . + +** Certtool can print otherName SAN values for certificates. +For known otherName OIDs (currently only id-on-xmppAddr as defined by +RFC 3920), it will also print the name. + +** Fix TLS 1.2 RSA signing in servers. +Before it used the old-style MD5+SHA1 signature, but the TLS +signatures should be normal PKCS#1 signatures. FYI, we use and +require that DigestInfo parameters are present and NULL for TLS 1.2. + +** Add APIs to access X.509 extensions sequentially. +The existing APIs gnutls_x509_crt_get_extension_oid() and +gnutls_x509_crt_get_extension_by_oid() does not permit callers to +inspect the extensions in the order defined by the certificate. + +** Add API to extract signature value from X.509 certificates. +The function is gnutls_x509_crt_get_signature. + +** Fix crash when generating proxy certificates in batch mode. +If you don't specify a proxy policy in batch mode, it will use +id-ppl-inheritALL. + +** Add API to print information about X.509 certificates. +The function is gnutls_x509_crt_print. + +** Certtool uses the new API gnutls_x509_crt_print to print certificate info. +One consequence of this is that the output syntax has changed +slightly. Some more fields are printed. + +** Doc fixes. + +** API and ABI modifications: +gnutls_x509_crt_print: ADD +gnutls_certificate_print_formats_t: ADD, new enum. +gnutls_x509_crt_get_signature: ADD. 
+gnutls_x509_crt_get_extension_data: ADD. +gnutls_x509_crt_get_extension_info: ADD. +gnutls_x509_crt_get_subject_alt_othername_oid: ADD. +GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element. +GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element. + +* Version 1.7.5 (released 2007-02-06) + +** Servers won't negotiate SRP RSA/DSS cipher suites if no SRP credential +** is set. + +** Default behaviour for the gnutls-cli and gnutls-serv tools improved. + +** Fix --list output for gnutls-cli and gnutls-serv. +Mention TLS1.2, SHA512 etc. + +** Manual contains new section on setting up a test HTTP server. +A server set up following those descriptions are available online via +. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.4 (released 2007-02-05) + +** Support for RSA signing using SHA-256/384/512. +A new self test "sha2" tries to build a long X.509 certificate chain +testing all new hashes. + +** The gnutls-serv tool now use static DH parameters if none are supplied. + +** Discuss proxy certificates in the manual. + +** Improve bibliographical citations in the manual. + +** Update of gnulib files. + +** Fix certtool template handling of pathLenConstraints. +It now defaults to -1 instead of 0, which causes the field to be +missing unless the template specify it. + +** API and ABI modifications: +GNUTLS_MAC_SHA256, +GNUTLS_MAC_SHA384, +GNUTLS_MAC_SHA512: New gnutls_mac_algorithm_t values. +GNUTLS_DIG_SHA256, +GNUTLS_DIG_SHA384, +GNUTLS_DIG_SHA512: New gnutls_digest_algorithm_t values. +GNUTLS_SIGN_RSA_SHA256, +GNUTLS_SIGN_RSA_SHA384, +GNUTLS_SIGN_RSA_SHA512: New gnutls_sign_algorithm_t values. + +* Version 1.7.3 (released 2007-02-01) + +** New option to certtool: --generate-proxy. +This will generate a Proxy Certificate from an end entity certificate. +Proxy Certificates are documented in RFC 3820. 
You will need to +specify the proxy certificate's private key with --load-privkey, the +user certificate with --load-certificate and the private key used to +sign the new proxy certificate with --load-ca-privkey. Certtool will +query for proxy path length and the policy language OID. Currently +only OIDs that have an empty policy are supported (which includes the +two OIDs defined by RFC 3820). + +** Certtool --certificate-info now prints information for Proxy Certificates. +Before the proxy extension was just printed as DER encoded data. + +** New APIs to set proxy subject names and get/set proxy cert extension. + +** Fix parsing of pathLenConstraints in BasicConstraints with missing cA. + +** Added self-test to test for regressions of pathLenConstraint bug. +Incidentally, this also test (some) other regressions or changes in +the output from certtool --certificate-info. + +** When certtool generates CA certificates, pressing enter on the path +** length constraint query will now remove the field. +Before it set the path length constraint to 0, which is a rather poor +default. + +** Certtool now print times in UTC when printing certificate/CRL info. + +** Add better fix to work around C++ compiler bug on Mac OS X. +Reported and tiny patch provided by Matthias Scheler . + +** Fix import of ASCII armored OpenPGP keys. +Patch by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_set_proxy_dn: ADD. +gnutls_x509_crt_set_proxy: ADD. +gnutls_x509_crt_get_proxy: ADD. + +* Version 1.7.2 (released 2007-01-14) + +** Certtool now print the value of the pathLenConstraints field for certs. + +** Certtool now query for path length constraints when generating CA certs. +For batch uses, the certtool configuration name is "path_len". +Suggested by Sascha Ziemann . + +** Add new API to get/set pathLenConstraint in the Basic Constraints. 
+The new functions gnutls_x509_crt_get_basic_constraints and +gnutls_x509_crt_set_basic_constraints provide a superset of the +functionality in the old gnutls_x509_crt_get_ca_status and +gnutls_x509_crt_set_ca_status (respectively), but the old functions +will continue to be supported. + +** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr. +The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp. A proper +OpenCDK release with this patch will be made soon, which should bump +the OpenCDK version number. Patch by Mario Lenz . + +** Certtool --to-p12 can now store more than one certificate in the blob. +Before it could only store one certificate, but now it will read and +store as many certificate there are from the --load-certificate file. +Suggested by Sascha Ziemann . + +** Clean up separation of gnutls and gnutls-extra for OpenPGP. +In particular, the OpenPGP function variables are no longer part of +the exported libgnutls interface, and no header files from +libgnutls-extra (GPL) are needed by libgnutls (LGPL). The variables +were never intended for non-internal purposes, and thus this does not +imply a change in the external API/ABI. + +** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc. +Before these parameters were set to make GnuTLS build under mingw32, +however, they appear to no longer be necessary. + +** A minor fix to the C++ library to make it build. +Reported by Pavlov Konstantin . + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_get_basic_constraints: ADD. +gnutls_x509_crt_set_basic_constraints: ADD. +cdk_pubkey_to_sexp: ADD (in opencdk). +cdk_seckey_to_sexp: ADD (in opencdk). + +* Version 1.7.1 (released 2006-12-28) + +** TLS 1.2 server side fix. 
+The Certificate Request sent did not contain the list of supported +hashes field, thus violating the protocol. It will now contain an +empty list. Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** TLS 1.2 DSA signature verification fix. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann . + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Also added a self-test in tests/certificate_set_x509_crl.c to test the +function. Reported by Max Kellermann . + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +. + +** Improve out-of-sourcedir builds from CVS. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Bootstrap tools changed. +We now require autoconf 2.61, automake 1.10, and gettext 0.16, when +building GnuTLS from CVS. Libtool 1.5.22 is used. + +** Fixed a syntax error in lib/gnutls.asn. +Reported by Paul Millar . + +** Added German translation of GnuTLS messages. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.0 (released 2006-11-29) + +** The default protocol priority try TLS 1.1 and TLS 1.2 too. +The details is that the protocol priority set by +`gnutls_set_default_priority' has been changed from TLS 1.0 and SSL +3.0 to TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0. + +** Preliminary support for TLS 1.2. +The client has been successfully tested against +https://www.mikestoolbox.org:4433/. + +** Anonself test now print a lot of debugging info, including TLS version. 
+ +** Doc fixes in OpenCDK, to avoid some gtk-doc warnings. + +** Update of gnulib files. + +** API and ABI modifications: +GNUTLS_TLS1_2: New gnutls_protocol_t enum member. + +*** Pulled up from stable 1.6.x branch: + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" . + +* Version 1.6.3 (released 2007-05-26) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen . Backported +from the 1.7.x branch, see +. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen , see + and +. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko , see +. + +** Fix building of 'tlsia' self test. +Earlier some gcc are known to build tlsia linking to +$prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in +the build directory, even though command line parameters look OK. +Changing order of some parameters fixes it. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.6.2 (released 2007-04-18) + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Regenerate the PKIX ASN.1 syntax tree. +For some reason, after changing the ASN.1 type of ldap-UID in the last +release, the generated C file built from the ASN.1 schema was not +refreshed. 
This can cause problems when reading/writing UID +components inside X.500 Distinguished Names. Reported by devel +. + +** Updated translations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.1 (released 2006-12-28) + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann . + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Reported by Max Kellermann . + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +. + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.0 (released 2006-11-17) + +** No changes since 1.5.5. +The major changes compared to the 1.4.x branch are: + +*** A GnuTLS C++ library is part of the official distribution. +Currently there are no examples or documentation, but hopefully this +will change. See gnutlsxx.h for the API. + +*** Windows is a supported platform. +There are, however, two know bugs. One is related to select() in +command line tools (not, nota bene, in the library), the other is a +problem with libgcrypt that causes delays. Help is needed to resolve +those issues, so we feel we can't delay the release because of this. + +*** New APIs for custom push/pull function error reporting. +The new APIs are gnutls_transport_set_errno and +gnutls_transport_set_global_errno. See the release notes for version +1.5.4 for more information. 
+ +*** Self tests are run under valgrind, if available. See --disable-valgrind. + +* Version 1.5.5 (released 2006-11-16) + +** Correctly bump shared library version after adding new APIs. +This was forgotten in the last release. + +** Fix unsigned vs signed problem in ex-x509-info.c example. +Reported by Tim Kosse . + +** Fix the rsa-md5-collision self test to work for MinGW+Wine. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.4 (released 2006-11-07) + +** New API functions to set errno in push/pull functions. +Under Windows, setting the errno variable in a push/pull replacement +may end up setting the wrong errno variable, and GnuTLS send/recv +functions become confused about the real errno returned from a failed +push/pull function. Therefor, we have added two APIs to set the errno +variable used by GnuTLS. The APIs can also help to keep things +thread-safe, by avoiding potentially global variables. Typically, +instead of setting errno in your push/pull function, you will call one +of these functions. It is recommended to use +gnutls_transport_set_errno, but if you don't have the session variable +easily accessible in the push/pull replacement function, you can use +gnutls_transport_set_global_errno. Suggested by Tim Kosse +. + +void gnutls_transport_set_errno (gnutls_session_t session, int err); +void gnutls_transport_set_global_errno (int err); + +** When calling `recv' or `send' Windows errors are handled properly. +The Windows recv/send functions doesn't use errno, and GnuTLS now use +WSAGetLastError to access the error condition instead. + +** Several OpenPGP API fixes. +All suggested by ludovic.courtes@laas.fr (Ludovic Courtès). The most +important fix is to change the return value of +gnutls_openpgp_privkey_get_pk_algorithm and +gnutls_openpgp_key_get_pk_algorithm from 'int' to +'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI +compatible with 'int'). 
+ +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by . + +** Replace old constructs with use of gnulib modules. +For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in +the code. If the headers doesn't exist on the target system, gnulib +will make sure its replacement header files are used instead. + +** Fix SOVERSION computation for *.def files. +This fixes build errors similar to "No rule to make target +`libgnutls-`expr', needed by `all-am'." when building for Windows. + +** gnutls_check-version uses strverscmp from gnulib. + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_transport_set_errno: ADD +gnutls_transport_set_global_errno: ADD + +* Version 1.5.3 (released 2006-10-26) + +** Add new self-test of RSA-MD5 signature chains. +Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures +when verifying X.509 chains. The code is in tests/rsa-md5-collision/ +and is based on the work by Marc Stevens et al, see +. + +** Re-factor self tests. + +** The include copy of Libtasn1 is updated to version 0.3.7. + +** The included copy of OpenCDK is updated to version 0.5.11. + +** Fix the filename of the *.def file on Windows after library version bump. + +** Separated the gnulib directory into one for LGPL modules and one for GPL. +This allows the GPL'd part of GnuTLS to take advantage of the GPL'd +gnulib modules. Earlier we could only use the LGPL'ed module from +gnulib, because two gnulib directories in the same project didn't +work. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.2 (released 2006-10-03) + +** Decrement the shared library version back to 13 (as in the 1.4.x branch). 
+Note that if you installed 1.5.0 or 1.5.1, they will have a higher +shared library version than this version, so you'll have to remove +them and possibly relink your applications. The reason for this is +that no API/ABI changes have been made since the 1.4.x branch, and +that incrementing the shared library version was a mistake. Reported +by Andreas Metzler . + +** Fix off-by-one error when computing length to malloc. +The code is used by gnutls_openpgp_add_keyring_file and +gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley" +. + +** Add version script for the GnuTLS C++ library. +Reported by Andreas Metzler . + +** Fix the C++ compiler detection logic. +Reported by Andreas Metzler . + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.1 (released 2006-09-21) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +missing or empty, to avoid that it can contain "garbage" that may be +used to alter the numeric properties of the signature. See + (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA . + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Add self test to test for above flaw. + +** Fix gnutls-cli-debug regarding resume support detection. +Earlier, if the session-id from the server had a length of 0, it would +indicate that the server supports resumption, which isn't the case. +Reported by Kataja Kai . + +** Fix building of examples on FreeBSD by including netinet/in.h. +Reported by Roman Bogorodskiy . + +** Fix certtool bug that caused the private key to not be loaded when +generating a certificate with --load-request, which in turn triggered +another unrelated bug in gnutls_x509_crt_sign2 (also fixed). Reported +by Sascha Ziemann . + +** gnutls-cli and gnutls-serv works on Windows. 
+The problem was the select() call that doesn't work on file +descriptors (stdin) on Windows. We borrowed some code from plibc to +solve this. It appears to be somewhat unreliable though. + +** Autoconf 2.60 is now used. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.0 (released 2006-08-13) + +** Change SRP and Cert-Type extensions to match IANA registry. + +** Fixed bug in OpenPGP authentication handshake. + +** Improvements for building under MinGW. +Provides internal inet_ntop and inet_pton functions and arpa/inet.h +header. Calls WSAStartup and WSACleanup in gnutls_global_init and +gnutls_global_deinit, respectively. Loads getaddrinfo and getnameinfo +at run-time from ws2_32.dll, and falls back on a simple replacement if +it is not available. Builds the library with -mms-bitfields +-Wl,--enable-runtime-pseudo-reloc. Links with --output-def, to +create *.def files, which are installed. + +** The examples now (conditionally) include config.h and link to gnulib. +No other source changes were necessary, so the examples should +continue to be possible to use stand-alone without any autoconf or +gnulib stuff. + +** Added C++ header "gnutlsxx.h" and library "libgnutlsxx". +You may unconditionally disable it with --disable-cxx. See +includes/gnutls/gnutlsxx.h and lib/gnutlsxx.cpp for the +implementation. + +** Made command line tool '--version' behave according to GNU Standards. +This enables 'make distcheck' to succeed. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black . + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +See https://www.gnu.org/software/gnutls/security.html regardging +GNUTLS-SA-2006-2 for more up to date information. Reported by +satyakumar . + +** API and ABI modifications: +No changes since last version. 
+ +* Version 1.4.5 (released 2006-11-06) + +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by . + +** Fix typo in doc/examples/ex-serv-pgp.c. +Reported by Adam Langley" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.4 (released 2006-09-12) + +** Relax the test that caught signatures that exploit the variant of +** Bleichenbacher's Crypto 06 rump session attack on our +** verification logic flaw. +In particular, we now permit the digestAlgorithm.parameters field to +be present but empty, whereas in 1.4.3 we actually checked that the +field was absent. + +** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. +The messages are only printed in debug mode, which is not recommended +for normal use, and thus logging this situation cannot be abused as an +oracle in typical recommended situations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.3 (released 2006-09-08) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +empty, to avoid that it can contain "garbage" that may be used to +alter the numeric properties of the signature. See + (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA . + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack. +See . +Reported by Werner Koch . + +See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + +** API and ABI modifications: +No changes since last version. 
+ +* Version 1.4.2 (released 2006-08-12) + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +This can happen if you call gnutls_certificate_verify_peers2 and have +a certain mix of local CA certificates and the peer send special +certificates, that together trigger certain behaviour. It is not +known at this point whether the crash can be triggered without the +special local CA certificate, and thus turn this into a remote crash +of clients that verify server certificates when they talk to a server +with the special server certificate. See GNUTLS-SA-2006-2 on +https://www.gnu.org/software/gnutls/security.html for more up to date +information. Reported by satyakumar . + +** Change SRP and Cert-Type extensions to match IANA registry. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black . + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.1 (released 2006-06-14) + +** Replaced inactive ifdefs to enable openpgp support in test programs. + +** Fixed bug in OpenPGP authentication handshake. + +** Fixed typographical in man pages. + +** Build fixes of the manual. + +** Added Swedish translation. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.0 (released 2006-05-15) + +** Remove GnuTLS 0.8.x compatibility functions. + +** The libgcrypt RNG is initialized in gnutls_global_init(). + +** TLS/IA API changes from Emile van Bergen. +A dummy credential structure is not needed now, if you wish to use the +low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on +a session. + +** The self-tests are now run under valgrind, if it is installed. + +** Libtasn1 is updated to 0.3.4, and that version is now required. + +** The command line tools now use getaddrinfo and support IPv6. 
+ +** API and ABI modifications: +_gnutls_x509_get_raw_crt_activation_time, +_gnutls_x509_get_raw_crt_expiration_time: Removed. +gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable. +gnutls_ia_enable: Added. + +* Version 1.3.5 (released 2006-03-08) + +** Error messages are now translated using GNU Gettext. + +** The function gnutls_x509_crt_to_xml now return an internal error. +This means that the code to convert X.509 certificates to XML format +does not work any more. The reason is that the function called +libtasn1 internal functions. It seems unclean for libtasn1 to export +the APIs needed here. Instead it would be better to implement XML +support inside libtasn1 properly. If you need this functionality +strongly, please consider looking into implementing this suggested +approach instead. As a workaround, you may also modify lib/x509/xml.c +(change '#if 1' to '#if 0') and build using --with-included-libtasn1. + +** Libraries are now built with libtool's -no-undefined. +This helps producing libraries for Windows using mingw32. + +** Doc fixes to explain that gnutls_record_send can block. + +** Libtasn1 0.3.1 or later is now required. +The include copy has been updated too. + +** gnutls-cli can now recognize services and port numbers with the -p option. + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.4 (released 2006-02-09) + +** Fix read of out bounds bug in DER parser. +Reported by Evgeny Legerov , and debugging help from +Protover SSL. Libtasn1 0.2.18 is now required, which contains the +previous bug fix. The included libtasn1 version in GnuTLS has been +updated. + +** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no +longer invalidate a session if the underlying send fails, but it will +prevent future writes. That is to allow reading the already received data. 
+Patches and bug reports by Yoann Vandoorselaere + +** Corrected bugs in gnutls_certificate_set_x509_crl() and +gnutls_certificate_set_x509_trust(), that caused memory corruption if +more than one certificates were added. Report and patch by Max Kellermann. + +** Fix build problems of OpenCDK on AIX. +Thanks to "Heiden, John" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.3 (released 2006-01-12) + +** New API to access the TLS master secret. +When possible, you should use the TLS PRF functions instead. +Suggested by Jouni Malinen . + +** Improved handling when multiple libraries use GnuTLS at the same time. +Now gnutls_global_init() can be called multiple times, and +gnutls_global_deinit() will only deallocate the structure when it has +been called as many times as gnutls_global_init() was called. + +** Added a self test of TLS resume functionality. + +** Fix crash in TLS resume code, caused by TLS/IA changes. + +** Documentation fixes about thread unsafety, prompted by +** discussion with bryanh@giraffe-data.com (Bryan Henderson). +In particular, gnutls_global_init() and gnutls_global_deinit() are not +thread safe. Careful callers may want to protect the call using a +mutex. The problem could also be ignored, which would cause a memory +leak under rare conditions when two threads invoke the function +roughly at the same time. + +** Add 'const' keywords in various places, from Frediano ZIGLIO. + +** The code was indented again, including the external header files. + +** API and ABI modifications: +New functions to retrieve the master secret value: + gnutls_session_get_master_secret + +Add a 'const' keyword to existing API: + gnutls_x509_crq_get_challenge_password + +* Version 1.3.2 (released 2005-12-15) + +** GnuTLS now support TLS Inner application (TLS/IA). +This is per draft-funk-tls-inner-application-extension-01. This +functionality is added to libgnutls-extra, so it is licensed under the +GNU General Public License. 
+ +** New APIs to access the TLS Pseudo-Random-Function (PRF). +The PRF is used by some protocols building on TLS, such as EAP-PEAP +and EAP-TTLS. One function to access the raw PRF and one to access +the PRF seeded with the client/server random fields are provided. +Suggested by Jouni Malinen . + +** New APIs to acceess the client and server random fields in a session. +These fields can be useful by protocols using TLS. Note that these +fields are typically used as input to the TLS PRF, and if this is your +intended use, you should use the TLS PRF API that use the +client/server random field directly. Suggested by Jouni Malinen +. + +** Internal type cleanups. +The uint8, uint16, uint32 types have been replaced by uint8_t, +uint16_t, uint32_t. Gnulib is used to guarantee the presence of +correct types on platforms that lack them. The uint type have been +replaced by unsigned. + +** API and ABI modifications: +New functions to invoke the TLS Pseudo-Random-Function (PRF): + gnutls_prf + gnutls_prf_raw + +New functions to retrieve the session's client and server random values: + gnutls_session_get_server_random + gnutls_session_get_client_random + +New function, to perform TLS/IA handshake: + gnutls_ia_handshake + +New function to decide whether to do a TLS/IA handshake: + gnutls_ia_handshake_p + +New functions to allocate a TLS/IA credential: + gnutls_ia_allocate_client_credentials + gnutls_ia_free_client_credentials + gnutls_ia_allocate_server_credentials + gnutls_ia_free_server_credentials + +New functions to handle the AVP callback: + gnutls_ia_set_client_avp_function + gnutls_ia_set_client_avp_ptr + gnutls_ia_get_client_avp_ptr + gnutls_ia_set_server_avp_function + gnutls_ia_set_server_avp_ptr + gnutls_ia_get_server_avp_ptr + +New functions, to toggle TLS/IA application phases: + gnutls_ia_require_inner_phase + +New function to mix session keys with inner secret: + gnutls_ia_permute_inner_secret + +Low-level API (used internally by gnutls_ia_handshake): + 
gnutls_ia_endphase_send + gnutls_ia_send + gnutls_ia_recv + +New functions that can be used after successful TLS/IA negotiation: + gnutls_ia_generate_challenge + gnutls_ia_extract_inner_secret + +Enum type with TLS/IA modes: + gnutls_ia_mode_t + +Enum type with TLS/IA packet types: + gnutls_ia_apptype_t + +Enum values for TLS/IA alerts: + GNUTLS_A_INNER_APPLICATION_FAILURE + GNUTLS_A_INNER_APPLICATION_VERIFICATION + +New error codes, to signal when an application phase has finished: + GNUTLS_E_WARNING_IA_IPHF_RECEIVED + GNUTLS_E_WARNING_IA_FPHF_RECEIVED + +New error code to signal TLS/IA verify failure: + GNUTLS_E_IA_VERIFY_FAILED + +* Version 1.3.1 (released 2005-12-08) + +** Support for DHE-PSK cipher suites has been added. +This method offers perfect forward secrecy. + +** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to +Otto Maddox and Nozomu Ando . + +** Corrected a bug in certtool for 64 bit machines. Reported +by Max Kellermann . + +** New function to set a X.509 private key and certificate pairs, and/or +CRLs, from an PKCS#12 file, suggested by Emile van Bergen +. + +The integrity of the PKCS#12 file is protected through a password +based MAC; public-key based signatures for integrity protection are +not supported. PKCS#12 bags may be encrypted using password derived +symmetric keys, public-key based encryption is not supported. The +PKCS#8 keys may be encrypted using passwords. The API use the same +password for all operations. We believe that any more flexibility +create too much complexity that would hurt overall security, but may +add more PKCS#12 related APIs if real-world experience indicate +otherwise. + +** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys, +reported by Emile van Bergen . +This will enable "certtool -k -8" to parse those keys. + +** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords. +Use "certtool -p -8" and press press enter at the prompt. 
Earlier, +certtool would have encrypted the key using an empty password. + +** Certtool now accept --password for --key-info and encrypted PKCS#8 keys. +Earlier it would have prompted the user for it, even if --password was +supplied. + +** Added self test of PKCS#8 parsing. +Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and +pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in +tests/pkcs8. + +** API and ABI modifications: +New function to set X.509 credentials from a PKCS#12 file: + gnutls_certificate_set_x509_simple_pkcs12_file + +New gnutls_kx_algorithm_t enum type: + GNUTLS_KX_DHE_PSK + +New API to return session data (basically same as gnutls_session_get_data): + gnutls_session_get_data2 + +New API to set PSK Diffie-Hellman parameters: + gnutls_psk_set_server_dh_params + +* Version 1.3.0 (2005-11-15) + +** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added. +This add several new APIs, see below. Read the updated manual for +more information. A new self test "pskself" has been added, that will +test this functionality. + +** The session resumption data are now system independent. + +** The code has been re-indented to conform to the GNU coding style. + +** Removed the RIPEMD ciphersuites. + +** Added a discussion of the internals of gnutls in manual. + +** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin. + +** Remove trailing comma in enums, for IBM C v6, from Albert Chin. + +** Make sure config.h is included first in a few files, from Albert Chin. + +** Don't use C++ comments ("//") as they are invalid, from Albert Chin. + +** Don't install SRP programs and man pages if --disable-srp-authentication, +from Albert Chin. 
+ +** API and ABI modifications: +New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK + +New gnutls_credentials_type_t credential type: + GNUTLS_CRD_PSK + +New credential types: + gnutls_psk_server_credentials_t + gnutls_psk_client_credentials_t + +New functions to allocate PSK credentials: + gnutls_psk_allocate_client_credentials + gnutls_psk_free_client_credentials + gnutls_psk_free_server_credentials + gnutls_psk_allocate_server_credentials + +New enum type for PSK key flags: + gnutls_psk_key_flags + +New function prototypes for credential callback: + gnutls_psk_client_credentials_function + gnutls_psk_server_credentials_function + +New function to set PSK username and key: + gnutls_psk_set_client_credentials + +New function to set PSK passwd file: + gnutls_psk_set_server_credentials_file + +New function to extract PSK user in server: + gnutls_psk_server_get_username + +New functions to set PSK callback: + gnutls_psk_set_server_credentials_function + gnutls_psk_set_client_credentials_function + +Use size_t instead of int for output size parameter: + gnutls_srp_base64_encode + gnutls_srp_base64_decode + +* Version 1.2.11 (2006-05-11) +- The function gnutls_x509_crt_to_xml is not supported any more, and + return an internal error. The reason is that the function called + internal libtasn1 functions which are no longer exported from + libtasn1. +- Updated libtasn1 requirement to 0.3.4 and refreshed internal mintiasn1. +- Updated gnulib compatibility files. +- Fixed _gnutls_x509_get_raw_crt_expiration_time and + _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on errors. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.10 (2006-02-09) +- Fix read out bounds bug in DER parser. Reported by Evgeny Legerov + , and debugging help from Protover SSL. +- Libtasn1 0.2.18 is now required (contains the previous bug fix). + The included version has been updated too. 
+- Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to + Otto Maddox and Nozomu Ando . +- Corrected a bug in certtool for 64 bit machines. Reported + by Max Kellermann . +- Corrected bugs in gnutls_certificate_set_x509_crl() and + gnutls_certificate_set_x509_trust(), that caused memory corruption if + more than one certificates were added. Report and patch by Max Kellermann. +- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no + longer invalidate a session if the underlying send fails, but it will + prevent future writes. That is to allow reading the already received data. + Patches and bug reports by Yoann Vandoorselaere + +* Version 1.2.9 (2005-11-07) +- Documentation was updated and improved. +- RSA-MD2 is now supported for verifying digital signatures. +- Due to cryptographic advances, verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. For + applications that must remain interoperable, you can use the + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 + flags when verifying certificates. Naturally, this is not + recommended default behaviour for applications. To enable the + broken algorithms, call gnutls_certificate_set_verify_flags with the + proper flag, to change the verification mode used by + gnutls_certificate_verify_peers2. +- Make it possible to send empty data through gnutls_record_send, + to align with the send(2) API. +- Some changes in the certificate receiving part of handshake to prevent + some possible errors with non-blocking servers. +- Added numeric version symbols to permit simple CPP-based feature + tests, suggested by Daniel Stenberg . +- The (experimental) low-level crypto alternative to libgcrypt used + earlier (Nettle) has been replaced with crypto code from gnulib. + This leads to easier re-use of these components in other projects, + leading to more review and simpler maintenance. 
The new configure + parameter --with-builtin-crypto replace the old --with-nettle, and + must be used if you wish to enable this functionality. See README + under "Experimental" for more information. Internally, GnuTLS has + been updated to use the new "Generic Crypto" API in gl/gc.h. The + API is similar to the old crypto/gc.h, because the gnulib code were + based on GnuTLS's gc.h. +- Fix compiler warning in the "anonself" self test. +- API and ABI modifications: +gnutls_x509_crt_list_verify: Added 'const' to prototype in . + This doesn't reflect a change in behaviour, + so we don't break backwards compatibility. +GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value. +GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value. +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2, +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values. + Use when calling + gnutls_x509_crt_list_verify, + gnutls_x509_crt_verify, or + gnutls_certificate_set_verify_flags. +GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value, + used when broken signature algorithms + is used (currently RSA-MD2/MD5). +LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, +LIBGNUTLS_VERSION_PATCH, +LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS + version number, can be used for feature existence + tests. + +* Version 1.2.8 (2005-10-07) +- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers. +- Don't install the auxilliary libexamples library used by the + examples in doc/examples/ on "make install", report and tiny patch + from Thomas Klausner . +- If you pass a X.509 CA or PGP trust database to the command line + tool, it will now abort the connection if the server certificate + validation fails. Use the parameter --insecure to continue even + after certificate validation failures. Inspired from discussion + with Alexander Kotelnikov . +- The test for socklen_t has been moved to gnulib. 
+- Link failures for duplicate or missing "program_name" symbol has been fixed, + patch from Martin Lambers . +- The command line tool and the examples no longer uses mmap or bzero, + to make them more portable, patch from Martin Lambers + . +- Made the PKCS #12 API handle null passwords. Based on patch by + Anton Altaparmakov . +- The GTK-DOC manual should build with current released tools. + (But a copy of the output is included, so the tools are not required.) +- The inet_ntop function is now used through gnulib. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.7 (2005-09-09) +- The GnuTLS and GnuTLS-extra libraries are now built with versioned symbols. +- Certtool now complains when reading out-of-range X.509 serial + numbers, suggested by Fran . +- Certtool now uses the readline library (when available) when reading + X.509 serial numbers. +- Fixed build problems in getpass on uClibc and Mingw32 platforms. +- Fixed compile warning regarding socklen_t on Mingw32, reported by + Martin Lambers . +- Fixed examples in doc/examples/, suggested by Fran . +- Gnulib is now used for the core library, enabling future code cleanups. +- The gnutls-cli tool now use gnutls_certificate_verify_peers2, + suggested by Daniel Stenberg . +- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull. +- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros). +- Disable zlib support if zlib.h is not present. +- A number of internal cleanups. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.6 (2005-07-16) +- MiniLZO updated to version 2.01 and moved to separate directory. +- Collision between system LZO header files and MiniLZO header file + fixed, reported by Matthias Urlichs . +- Will now test for liblzo functionality in liblzo2 too, reported by + Thomas Klausner . +- Minilibtasn1 is now 0.2.14 (no code changes). +- Some code changes to avoid GTK-DOC warnings. 
+- API and ABI modifications: + No changes since last version. + +* Version 1.2.5 (2005-07-03) +- More builddir != srcdir fixes, reported by Mike Castle + . +- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn, + reported by Adam Langley . +- Corrected some stuff in minilzo detection. Pointed out by + Sergey Lipnevich. +- MiniLZO updated to version 2.00. +- gnutls_x509_crt_list_import now accept a DER formatted CRL. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.4 (2005-05-28) +- Corrected some bugs that could affect 64 bit systems. +- Some corrections in the header files to include the prototype + of memmem properly (affected 64 bit systems). Report and patch + by Yoann Vandoorselaere . +- Introduced the --fix-key option to certtool, which can be used to + regenerate the (optional) parameters in a private key. It should + be used together with --key-info. +- Corrected a bug in certificate chain verification that could lead + to marking a trusted chain as non trusted, if the last certificate in + the chain was a self signed one. +- Gnulib portability files were updated. +- License were updated to reflect new FSF address. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.3 (2005-04-28) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. Previously exported keys + can be fixed using certtool. Use certtool -k outfile +- API and ABI modifications: + gnutls_x509_privkey_fix(): Add. + +* Version 1.2.2 (2005-04-25) +- gnutls_error_to_alert() now considers + GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. +- Fixed error in session resuming that could cause a crash in a session. +- Fixed pkcs12 friendly name and local key identifier decoding. +- Internal cleanups, removed duplicate typedef/struct definitions, + and made source code include external include file, to check + function prototypes during compile time. 
+- API and ABI modifications: + No changes since last version. At least not intentional, but due + to the include header changes, there may be inadvertant changes, + please let us know if you find any. + +* Version 1.2.1 (2005-04-04) +- gnutls_bye() will no longer fail when RDWR is used and application + data are available for reading. +- Added more strict checks for the SRP parameters (g,n), when they + are not in the included list. +- Added warning to certtool when MD5 is being used for digital + signatures. +- Optimizations ("-O2 -finline-functions") are not enabled by default, + instead the standard autoconf defaults are used. Use `./configure + CFLAGS="-O2 -finline-functions"' to get the old optimizations. +- Added the option --get-dh-params to certtool, in order to get the + parameters included in the library primes and generators. +- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to + allow only trusted Version 1 CAs and introduced + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. +- Nettle self tests now build properly, reported by Pierre + . +- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. + Reported by Yoann Vandoorselaere . +- If the library has been compiled with features disabled, a warning is + issued during the compilation of any program. +- API and ABI modifications: + gnutls_x509_crt_list_import(): Add + gnutls_x509_crq_get_attribute_by_oid(): Add. + gnutls_x509_crq_set_attribute_by_oid(): Add + gnutls_x509_crt_set_extension_by_oid(): Add. + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Modify semantics. + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Add, old behaviour. + +* Version 1.2.0 (2005-01-27) +- Added the definitions and OIDs for the RIPEMD-160 hash algorithm. +- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and + gnutls_x509_crl_sign2(). +- Fixed license header in source code files. 
+ +* Version 1.1.23 (2005-01-18) +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + . +- Certtool now prints information for the RSA and DSA parameters of + certificates and private keys. +- Corrected the write of CRL distribution points. +- The certificate chain verification function now checks certificates + in the reverse order to minimize the spent resources. +- Corrected several bugs found by Marcin Garski +- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn, + gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and + gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is + required, instead of the string length. That is, the value has been + incremented by 1 to account for the terminating zero. Reported by + Martin Lambers . +- Debug output shouldn't crash on platforms that doesn't handle NULL + printf %s values. Reported by Michael.Ringe@aachen.utimaco.de. +- Sync included copy of libtasn1 with version 0.2.13. +- Client X.509 authenticated connections via gnutls-cli should now work again. + +* Version 1.1.22 (2004-11-04) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton . +- Documentation improvements. +- Code indented using 'indent -i4 -kr'. +- The API manual is included in Devhelp format. (Was in last release too, + but the NEWS entry was forgotten.) +- The OpenSSL compatibility code now use the internal crypto interface. +- Added simple self test of OpenSSL compatibility library. +- Internally, libtool convenience libraries are used. +- Cleanups to configure.ac. + +* Version 1.1.21 (2004-10-27) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Added second precision to the X.509 parsing and generation functions. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. 
+- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton . +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + . +- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque . +- Add self test of PKCS#12 functionality in "certtool", based on test + vectors from Joe Orton . +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + . + +* Version 1.1.20 (2004-10-12) +- Fix compile problem in gl/getpass.c on some systems. + +* Version 1.1.19 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak . +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + . +- Fixes faulty getpass implementation in libextra/opencdk/, reported + by Yoann Vandoorselaere . +- Uses memmem instead of strnstr in lib/. +- Using more GNULib portability files, although not yet inside lib/. +- Added gnutls_certificate_verify_peers to gnutls/compat.h. + Nikos deprecated gnutls_certificate_verify_peers in favor of + gnutls_certificate_verify_peers2 earlier in the 1.1 branch. +- Improvements to the manual. +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. This has not yet been + fixed, but will be handled via GNULib later on. + +* Version 1.1.18 (2004-08-24) +- Corrected handling of certificate with dates after year 2038. +- Corrected DER decoder which could incorrectly treat input as BER and fail. +- Correct certtool --smime-to-p7 end of line character handling. +- Added example client and server for anonymous authentication. +- Added self test that tests anonymous TLS client and server. +- Added self tests of Nettle and generic crypto layer. 
+- Added API reference manual in HTML format in doc/reference/ using GTK-DOC. + Online version at . +- Assume C89 or better; removed checks for size_t, ptrdiff_t and time_t. +- Man pages for API functions are included. + +* Version 1.1.17 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer . +- Generic crypto interface for secret key ciphers, hashes and randomness added. + See section "Experimental" within section "COMPILATION ISSUES" in README. +- Removed length limit on passwords read by 'certtool'. +- Documentation fixes. + +* Version 1.1.16 (2004-08-15) +- Fix missing gnulib linker parameter when building certtool. +- Add gnulib module 'progname', needed by module 'error'. +- Improve building with srcdir != objdir. + +* Version 1.1.15 (2004-08-15) +- Certtool has simplistic --smime-to-p7 to translate RFC 2633 messages into + PKCS #7 format. +- Ported to Mac OS X / Darwin. +- Ported to FreeBSD. + +* Version 1.1.14 (2004-08-09) +- Documentation converted to Texinfo format. +- Bug fix of test suite. +- Configure now print build information, used by Autobuild. + +* Version 1.1.13 (2004-08-05) +- Added simple self test suite. + +* Version 1.1.12 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- SRP ciphersuites were moved to the gnutls library. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik . +- Added gnutls_certificate_verify_peers2(). + +* Version 1.1.11 (2004-07-16) +- Added the '_t' suffix to all exported symbols. +- Fixed bug in RSA encryption, report and patch by Martijn Koster + . +- Corrected a bug in certificate verification. 
Pointed out by + Yoann Vandoorselaere +- Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the + verification functions. +- The ephemeral DH and RSA parameters are no longer stored in the + session resume DB. +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. + +* Version 1.1.10 (2004-06-12) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. +- Corrected bug in OpenPGP key loading using a callback. +- gnutls-srpcrypt was renamed to srptool +- Allow handshake requests by the client. +- Automatically disable certificate types that do not have corresponding + certificates. +- Added gnutls_auth_client_get_type() and gnutls_auth_server_get_type() +- Opencdk library is being included if not found. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Better handling of EOF in gnutls_record_recv(). +- _gnutls_deinit() is no longer used. Sessions are not + automatically removed any more, on abnormal termination. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added new functions to allow access to the ephemeral + Diffie Hellman parameters. +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Added the functions gnutls_dh_get_group(), gnutls_dh_get_pubkey() and + gnutls_rsa_export_get_pubkey() to retrieve parameters of the DH or + RSA-EXPORT key exchange. +- Some fixes in the session resuming code. +- Added gnutls_openpgp_keyring_check_id(). + +* Version 1.1.9 (2004-04-14) +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. 
+- The RC2 cipher is no more included. The one in libgcrypt is now used. +- Added batch support to certtool. Now it can use templates. + +* Version 1.1.8 (2004-04-07) +- Implemented all the tests for the SRP group parameters in + client side. This may lead to incompatibility with very + old gnutls servers. +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Optimized the copying of rsa_params. + +* Version 1.1.7 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Deprecated: gnutls_srp_server_set_select_function(), + gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function(). + +* Version 1.1.6 (2004-02-24) +- Several bug fixes, by Arne Thomassen. +- Fixed a bug where 'server name' extension was always sent. + +* Version 1.1.5 (2004-01-06) +- Added the gnutls_sign_algorithm type. + +* Version 1.1.4 (2004-01-04) +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- Removed all references of missing files. +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- Corrected problem printing the DC attributes in a DN. + +* Version 1.1.3 (2003-12-30) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). + +* Version 1.1.2 (2003-12-28) +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. + +* Version 1.1.1 (2003-12-26) +- Added PKCS #7 support to certtool utility. 
+- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. + +* Version 1.1.0 (2003-12-21) +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. +- Added gnutls_x509_crt_set_key_usage() and certtool can now set the + certificate's key usage. +- Added gnutls_openpgp_key_get_key_usage(). + +* Version 1.0.25 (2005-04-27) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. + +* Version 1.0.24 (2005-01-18) +- Corrected several bugs found by Marcin Garski + +* Version 1.0.23 (2004-11-13) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton . +- Copy libtasn1 has been updated to version 0.2.11. +- Corrected the write of CRL distribution points. +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + . + +* Version 1.0.22 (2004-10-28) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. +- Added second precision to the X.509 parsing functions. +- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton . +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + . 
+- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque . +- Fix certtool --password for PKCS #12, back ported from 1.1.x branch. +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + . + +* Version 1.0.21 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak . +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + . +- Avoid redefining getpass if system already has it, reported by + Yoann Vandoorselaere . +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. + +* Version 1.0.20 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer . + +* Version 1.0.19 (2004-08-09) +- Bug fix of test suite. + +* Version 1.0.18 (2004-08-05) +- Added simple self test suite. + +* Version 1.0.17 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik . +- Added gnutls_certificate_verify_peers2(). + +* Version 1.0.16 (2004-07-10) +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h. +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. +- Some fixes in the makefiles. + +* Version 1.0.15 (2004-06-29) +- Fixed bug in RSA encryption, report and patch by Martijn Koster + . 
+- Corrected a bug in certificate verification. Pointed out by + Yoann Vandoorselaere . + +* Version 1.0.14 (2004-06-12) +- Automatically disable certificate types that do not have corresponding + certificates. +- Updates in the documentation. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Opencdk library is being included if not found. +- Added gnutls_openpgp_keyring_check_id(). +- Corrected a serious bug in the included libtasn1 library. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Some fixes in the session resuming code. + +* Version 1.0.13 (2004-04-29) +- Some complilation fixes. +- Added the --xml parameter to the certtool utility. + +* Version 1.0.12 (2004-04-23) +- Corrected bug in OpenPGP key loading using a callback. +- Renamed gnutls-srpcrypt to srptool +- Allow handshake requests by the client. +* Things backported from the development branch: +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. +- Added batch support to certtool. Now it can use templates. +- The RC2 cipher is no more included. The one in libgcrypt is now used. + +* Version 1.0.11 (2004-04-17) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. + +* Version 1.0.10 (2004-04-03) +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Corrected bug in SSL 3.0 authentication. + +* Version 1.0.9 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. 
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Documented the changes need in multi-threaded application due + to the new libgcrypt. + +* Version 1.0.8 (2004-02-28) +- Corrected bug in mutual certificate authentication in SSL 3.0. + +* Version 1.0.7 (2004-02-25) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). +- Some updates in the documentation. + +* Version 1.0.6 (2004-02-12) +* Backported things from the development branch (while maintaining + backwards compatibility): +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. + +* Version 1.0.5 (2004-02-11) +- Fixed a bug where 'server name' extension was always sent. +* Backported things from the development branch: +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. +- Added PKCS #7 support to certtool utility. +- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. +- Added the gnutls_sign_algorithm type. 
+ +* Version 1.0.4 (2004-01-04) +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- certtool no longer asks the password in unencrypted private + keys. +- The source is now compiled to use the reentrant libc functions. + +* Version 1.0.3 (2003-12-21) +- Corrected bug in gnutls_bye() which made it return an error code + of INVALID_REQUEST instead of success. +- Corrected a bug in the GNUTLS_KEY key usage definitions. + +* Version 1.0.2 (2003-12-18) +- Corrected a bug in the RSA key generation. This was + generating unusable RSA keys. + +* Version 1.0.1 (2003-12-10) +- Some minor fixes in the makefiles. They now include CFLAGS + from libgcrypt or opencdk if installed in a non standard directory. +- Fixed the SRP detection test in gnutls-cli-debug. +- Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1(). + +* Version 1.0.0 (2003-12-04) +- Exported the static SRP group parameters. +- Some fixes in the certificate authenticated SRP ciphersuites. +- Improved the support for draft-ietf-tls-srp-05. The two-phase + handshake is now fully supported without any interaction with + the application layer (except for a callback). + +* Version 0.9.99 (2003-11-28) +- Some fixes in the gnutls.h header for the gnutls_server_name_set() + and gnutls_server_name_get() prototypes. +- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data() + and gnutls_x509_crt_verify_data(). +- Some fixes in the openpgp authentication. +- Removed the Twofish cipher. + +* Version 0.9.98 (2003-11-16) +- The openssl compatibility layer was moved to gnutls-openssl + library instead of being included in the gnutls-extra library. +- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04. +- Building with openpgp support is now mandatory. +- gnutls4 compatibility header is no longer included by default in + gnutls.h. 
+- gnutls8 function usage yelds a deprecation warning in gcc3. +- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid() + functions have a raw_flag parameter added. +- Added gnutls_x509_*_get_dn_oid() and gnutls_x509_crt_get_extension_oid() + functions which return the available OIDs. + +* Version 0.9.97 (2003-11-11) +- The certtool utility can now generate PKCS #12 structures + without specifying a certificate. +- Added capability to read CRLs to certtool. +- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER + to properly set the required buffer size. +- Corrected a bug in libgcrypt detection. + +* Version 0.9.96 (2003-11-09) +- Some changes to allow compilation with mingw32. +- Several code cleanups. + +* Version 0.9.95 (2003-11-02) +- Improved the verification functions. Added new verification + output flags and removed the unused and redundant ones. +- Improved the OpenPGP key support. +- The prime utility was removed, and its functionality was moved + to certtool. + +* Version 0.9.94 (2003-10-30) +- Added manpages for the included programs. +- Documented and improved the certtool utility. +- Added PKCS #12 support to certtool utility. + +* Version 0.9.93 (2003-10-26) +- Corrected some compilation issues. +- Improved the certtool command line utility. + +* Version 0.9.92 (2003-10-25) +- The RFC2818 hostname verification is now case insensitive. +- Added support for generating X.509 certificates. +- Added the certtool, a tool for generating X.509 certificates + +* Version 0.9.91 (2003-10-17) +- Fixed a compilation issue in the openpgp authentication part. + +* Version 0.9.90 (2003-10-08) +- Updated the openpgp key API (depends on the unreleased new + opencdk). + +* Version 0.9.8 (2003-10-02) +- Updated the SRP implementation to follow the latest draft + (draft-ietf-tls-srp-05). +- Improved the gnutls-cli behaviour in error handling, + and added a check for the peer's hostname. 
+- Use versioned symbols in the library (where available). +- RIJNDAEL ciphersuites were renamed to AES. + +* Version 0.9.7 (2003-08-25) +- The tex files are now included in the distribution. +- The library can now decrypt PKCS #12 files encrypted with + the RC2-40 cipher. +- The missing rfc2818_hostname object is now included. +- Several corrections and bug fixes in the library by + Arne Thomassen . +- CR is now allowed in the base64 decoder. + +* Version 0.9.6 (2003-06-28) +- Added gnutls_x509_privkey_get_key_id() and gnutls_x509_crt_get_key_id() + functions which return a unique (per public key) ID. These can + be used to check if the private key corresponds to a given certificate. +- Corrections in the TLS layer openpgp certificate packet parser. +- Corrected a bug in the record layer buffering, which affected + the case where external pull function was used. Report and patch + by Sergey Poznyakoff . +- Corrected a bug in gnutls-srpcrypt where a non allocated variable + was freed. +- SRP programs are now built by default. +- Added API to read and write to PKCS #12 structures. Prototypes + in gnutls/pkcs12.h. +- The gnutls_transport_ptr type was changed to a pointer type (void*). + +* Version 0.9.5 (2003-04-06) +- Several improvements in the PKCS #7 handling +- Eliminated several hard coded constants in MPI parameters. + +* Version 0.9.4 (2003-03-28) +- Corrected a parsing error in the Certificate request message. +- Corrected behaviour when a certificate request message is received. + Now a certificate packet is always sent, and in SSL 3.0 cipher suites + a no_certificate alert is sent instead. +- Added functionality to generate PKCS #7 structures (with certificates). + +* Version 0.9.3 (2003-03-24) +- Support for MD2 was dropped. +- Improved the error logging functions, by adding a level, and + by allowing debugging messages just by increasing the level. +- The diffie Hellman ciphersuites are now of higher priority than + the plain RSA. 
+- The RSA premaster secret version check can no longer be disabled. +- Implemented the counter measure discussed in the paper "Attacking + RSA-based Sessions in SSL/TLS", against the attack described in the + same paper. +- Added the functions: gnutls_handshake_get_last_in(), + gnutls_handshake_get_last_out(). +- The gnutls_certificate_set_rsa_params() was renamed to + gnutls_certificate_set_rsa_export_params(). +- Added the new functions: gnutls_certificate_set_x509_key() + gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(), + gnutls_x509_crt_export(), gnutls_x509_crl_export(). +- Added support for encoding and decoding PKCS #8 2.0 encrypted + RSA private keys. + +* Version 0.9.2 (2003-03-15) +- Some corrections in the memory mapping code (file is unmapped after + it is read). +- Added support for PKCS#10 certificate requests generation. + +* Version 0.9.1 (2003-03-12) +- Corrected a bug in 64 bit architectures, which affected the + serial number calculation in the record layer. +- Added gnutls_certificate_free_keys() which deletes all the + private keys and certificates from the credentials structure. +- Corrected a broken buffer check in _gnutls_io_read_buffered(), + which caused some unexpected packet length errors. Report and patch + by Ian Peters . +- Added ability to generate RSA keys. +- Increased the maximum parameter size in order to read some large keys + by some CAs. Patch by Ian Peters . +- Added an strnstr() function and the requirement in some functions to + use null terminated PEM structures is no more. +- Use mmap() if available to read files. +- Fixed a memory leak in SRP code reported by Rupert Kittinger + . + +* Version 0.9.0 (2003-03-03) +- This version is not binary compatible with the previous ones. +- The library notifies the application on empty and illegal SRP usernames, + so that proper notification (via an alert) is sent to the peer. 
+- Added ability to send some messages back to the application using + the gnutls_global_set_log_function(). +- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use + gnutls_malloc() to allocate the output parameters. +- Added support for MD2 algorithm in certificate signature verification. +- The RSA and DH parameter generation interface was changed. Added + ability to import and export from and to PKCS3 structures. This + was needed to read parameters generated using the openssl dhparam tool. +- Several changes in the temporary (DH/RSA) parameter codebase. No DH + parameters are now included in the library. Also the credentials structure + can now hold only one temporary parameter of a kind. +- Added a new Certificate, CRL, Private key and PKCS7 structures handling + API, defined in gnutls/x509.h +- Added gnutls_certificate_set_verify_flags() function to allow setting the + verification flags in the credentials structure. They will be used in the + *verify_peers functions. +- Added protection against the new TLS 1.0 record layer timing attack. +- Added support for Certificate revocation lists. Functions defined + in gnutls/x509.h +- The only functions that were removed are: + gnutls_x509_certificate_to_xml() + gnutls_x509_extract_dn_string() +- Ported to libtasn1 0.2.x + +* Version 0.8.1 (2003-01-22) +- Improved the SRP support, to prevent attackers guessing the + available usernames by brute force. +- Improved the SRP detection in gnutls-cli-debug +- Some fixes which now allow compilation. + +* Version 0.8.0 (2003-01-20) +- Added gnutls_x509_extract_dn_string() which returns a + distinguished name in a single string. +- Added gnutls_openpgp_extract_key_name_string() which returns + an openpgp user ID in a single string. +- Added gnutls_x509_extract_certificate_ca_status() which returns + the CA status of the given certificate. +- Added SRP-6 support. Follows draft-ietf-tls-srp-04. 
+- If libtasn1 is not present in the system, it is included in + the main gnutls library. +- If liblzo is present in the system, then the included minilzo + will not be used, and libgnutls-extra will depend on liblzo. +- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR, + and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also + replaced by GNUTLS_E_BASE64_DECODING_ERROR. + +* Version 0.6.0 (2002-12-08) +- Added "gnutls/compat4.h" header. This is included in gnutls.h + to emulate the old 0.4.x API. +- Example programs are now stored in doc/examples/ +- Several improvements and updates in the documentation. +- Added the certificate authenticated SRP cipher suites. +- gnutls_x509_extract_certificate_dn_string() was updated to return + an RFC2253 conforming string. +- Added the SRP related functions: + gnutls_srp_verifier() + gnutls_srp_base64_encode() + gnutls_srp_base64_decode() +- Added the function gnutls_srp_set_server_credentials_function() + to allow retrieving SRP parameters from an external backend - other + than password files. +- Added the function gnutls_openpgp_set_recv_key_function() + which can be used to set a callback, to get OpenPGP keys. +- Exported the functions: + gnutls_malloc() + gnutls_free() + which should be used by callback functions. +- Changed the semantics of gnutls_pem_base64_encode_alloc() + and gnutls_pem_base64_decode_alloc(). In the default case + were the gnutls library is used with malloc/realloc/free, + these are binary compatible. + +* Version 0.5.11 (2002-11-05) +- Some fixes in 'gnutls-cli' client program to prevent some segmentation + faults at exit. +- Example programs found in the documentation can now be generated by + running "make examples" in doc/tex directory. +- Added more descriptive error strings, to gnutls_strerror(). +- Documented error codes, and the function reference list is now sorted. +- Optimized buffering code. 
+- gnutls_x509_extract_certificate_dn_string() was rewritten. +- Added GNUTLS_E_SHORT_MEMORY_BUFFER error code, which is returned in the + case where the memory buffer provided is not long enough. +- Depends on the new OpenCDK 0.3.2. + +* Version 0.5.10 (2002-10-13) +- Updated documentation. +- Added server name extension. This allows clients to specify the + name of the server they connect to. Useful to HTTPS. +- Several corrections in the code base, mostly in signed/unsigned, + checkings. + +* Version 0.5.9 (2002-10-10) +- Corrected some code which worked fine in gcc 3.2, but not with any + other compiler. +- Updated 'gnutls-cli' with the '--starttls' option, to allow testing + starttls implementations. +- Added gnutls_x509_extract_key_pk_algorithm() function which extracts + the private key type, of a DER encoded key. +- Added gnutls_x509_extract_certificate_dn_string() which returns the + certificate's distinguished name in a single string. +- Added gnutls_set_default_priority() and gnutls_set_default_export_priority() + functions, to avoid calling all the *_priority() functions if the defaults + are acceptable. +- Added int gnutls_x509_check_certificates_hostname() which check whether + the given hostname matches the owner of the given X.509 certificate. + +* Version 0.5.8 (2002-09-25) +- Updated documentation. +- Added gnutls_record_get_direction() which replaces the obsolete + gnutls_handshake_get_direction(). +- Added function to convert error codes to alert descriptions +- Added LZO compression + +* Version 0.5.7 (2002-09-11) +- Some fixes in the memory allocation functions (realloc). +- Improved the string functions used in XML certificate generation. +- Removed dependency on libgdbm. +- Corrected bug in gnutls_dh_params_set() which affected + gnutls_dh_params_deinit(). +- Corrected bug in session resuming code in server side. 
+ +* Version 0.5.6 (2002-09-06) +- Corrected bugs in SRP implementation, which prevented gnutls + to interoperate with other implementations. (interoperability testing + was done by David Taylor) +- Corrected bug in cert_type extension. +- Corrected extension type checks which used an 8 bit extension size, + instead of 16 bits. +- Added versioning in the XML output of certificate functions. +- Removed the X.509 test suite. + +* Version 0.5.5 (2002-09-03) +- Updated the SRP implementation to the latest draft. The blowfish + crypt implementation was removed, since the new draft does not allow + other hash algorithms except for the srpsha. +- Renamed all the constructed types in order to have more consistent + names. +- Improved the certificate and key read functions. Now they can read + the certificate and the private key from the same file. +- Updated and corrected documentation. + +* Version 0.5.4 (2002-08-27) +- Fixes in TLS 1.0 PRF and SSL3 random functions. +- gnutls_handshake_set_exportable_detection() was obsoleted. +- Added gnutls_openpgp_extract_key_id() which returns the key ID. +- Corrected bug in DHE key exchange +- Added support for temporary RSA keys which are needed for the + export cipher suites. +- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite. + +* Version 0.5.3 (2002-08-23) +- No changes. Replaces the tarball of 0.5.2 which accidentally contained + code from the unstable branch. + +* Version 0.5.2 (2002-08-22) +- Added an error code that is returned in clients which connect + to export only servers. This must be enabled using the + gnutls_handshake_set_exportable_detection() function. +- Updated openssl compatibility layer. +- Added gnutls_handshake_get_direction() function which returns + the state of the handshake when interrupted. 
+ +* Version 0.5.1 (2002-07-17) +- Corrected the m4 macros which used instead of + +- Documentation fixes +- Added gnutls_transport_set_ptr2() function, which accepts two + different pointers, to be used while receiving, and + while sending data. +- Semantic changes in gnutls_record_set_max_size(). The requested + size is now immediately enforced at the output buffers. +- gnutls_global_init_extra() now fails if the library versions do + not match. +- Fixes in client and server example programs. Null encryption can + be used in these programs, to assist in debuging. +- Fixes in zlib compression code. + +* Version 0.5.0 (2002-07-06) +- Added X.509 certificate tests in tests/ directory +- Removed stubs for SRP and Anonymous authentication. They served + no purpose since they are always included, unless it was requested + not to do so. +- Added gnutls_handshake_set_private_extensions() function. This + function can be used to enable private (gnutls specific) cipher suites + and compression algorithms. +- Added check for C99 macro support by the compiler. +- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2() +- Added the new libtasn1 library. +- Removed the gdbm backend. Applications are now responsible for the + session resuming backend. The gnutls-serv application contains an + simple example on how to use gdbm for resuming. +- Headers for the gnutls library are now installed in $(includedir)/gnutls +- Added an OpenSSL compatible interface (with some limitations). +- Added functions to convert DER encoded certificates to XML format. + +* Version 0.4.4 (2002-06-24) +- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt + using keys of some specific size. + +* Version 0.4.3 (2002-05-23) +- The gnutls-extra library now compiles fine, if the opencdk library is + not present. +- Several bug fixes. +- Added gnutls_global_set_mem_func() function, to set the memory allocation + functions, if other than the defaults are to be used. 
+- The default memory allocation functions are now the ones in libc. + +* Version 0.4.2 (2002-05-21) +- Separated ASN.1 structures parser documentation and TLS library + documentation. +- Added gnutls_handshake_set_rsa_pms() function, which disables the + version check in RSA premaster secret. +- Added gnutls_session_is_resumed() function, which reports if a session + is a resumed one. +- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to + assist in callback functions. +- Replaced the included 1024 bit prime for Diffie Hellman, with a new + random one. +- Relicensed the library under the GNU Lesser General Public License +- Added gnutls-extra library which contains the GPL covered code of gnutls. + +* Version 0.4.1 (2002-04-07) +- Now uses alloca() for temporary variables +- Optimized RSA signing +- Added functions to return the peer's certificate activation and + expiration time. +- Corrected time function's behaviour (the time value returned no longer + relate to local timezone). + +* Version 0.4.0 (2002-04-01) +- Added support for RFC2630 (PKCS7) X.509 certificate sets +- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(), + gnutls_openpgp_extract_key_pk_algorithm(). +- Several optimizations in the Handshake protocol +- Several optimizations in RSA algorithm +- Unified the return values because of small buffers. + +* Version 0.3.92 (2002-03-23) +- Updated documentation +- Combined error codes of ASN.1 parser and gnutls +- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration +- Added protection against CBC chosen plaintext attack (disabled by default) +- Improved and optimized compression support + +* Version 0.3.91 (2002-03-03) +- Added gnutls-cli-debug program +- Corrections in session resumption +- Rehandshake can now handle negotiation of different authentication + type. +- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are + now being installed. 
+ +* Version 0.3.90 (2002-02-24) +- Handshake messages are not kept in memory any more. Now we use + less memory during a handshake +- Added support for certificates with DSA parameters +- Added DHE_DSS cipher suites +- Key exchange methods changed so they do not depend on the + certificate type. Added certificate type negotiation TLS extension. +- Added openpgp key support (EXPERIMENTAL) +- Improved Diffie Hellman key exchange support. +- Bug fixes in the RSA key exchange. +- Added check for the requested TLS extensions +- TLS extensions now use a 16 bit type field. +- Added a minimal string library to assist in ASN.1 parsing +- Changes in ASN.1 parser to work with the new bison +- Added gnutls_x509_extract_subject_alt_name(), which deprecates + gnutls_x509_extract_subject_dns_name() +- gnutls_x509_set_trust_(file/mem) can now be called multiple times +- gnutls_srp_server_set_cred_file() can now be called multiple times + +* Version 0.3.5 (2002-01-25) +- Corrected the RSA key exchange method, to avoid attacks against + PKCS-1 formating. 
+ +* Version 0.3.4 (2002-01-20) +- Corrected bugs in DHE_RSA key exchange method + +* Version 0.3.3 (2002-01-19) +- Added gnutls_x509pki_verify_certificate() +- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem() +- Bug fixes in srpcrypt (based on patch by Marc Huber) +- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin) +- Corrected library versioning + +* Version 0.3.2 (2002-01-05) +- Corrected bug which did not allow a client to accept multiple CA names +- Added gnutls_fingerprint() +- Added gnutls_x509pki_extract_certificate_serial() +- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt() +- Corrected behaviour in version advertizing +- Updated documentation +- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions + +* Version 0.3.1 (2001-12-21) +- Corrections in the configuration files +- Fixes a bug in anonymous authentication + +* Version 0.3.0 (2001-12-17) +- Corrected bug in new integer formatting (now we use the old format again) +- Several corrections and usual cleanups + +* Version 0.2.91 (2001-12-10) +- Fixes in MPI handling (fixes possible bug with signed integers) +- Removed name indication extension +- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr() +- Optimizations in server certificate callback. +- Fixes in anonymous authentication +- Corrections in client ciphersuite selection + +* Version 0.2.90 (2001-12-07) +- gnutls_handshake(), gnutls_read() etc. functions no longer require + the 'SOCKET cd' argument. This argument is set using the function + gnutls_set_transport_ptr(). +- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns + a list containing peer's certificate and issuers DER encoded. 
+- Updated X.509 certificate handling API +- Added callback to select the server certificate +- More consistent function naming (changes in several function names) +- Buffer overflow checking in ASN.1 structures parser +- Updated documentation + +* Version 0.2.11 (2001-11-16) +- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value + is returned, then the caller should perform a handshake or send + an alert to the peer. +- Made receive buffer dynamic. Normally if no large chunks are received + it occupies less space. +- Added max_record_size extension +- Bugfixes in session handling +- Improved non blocking IO support in the Handshake Protocol +- Usual bugfixes and cleanups +- Documentation updated (includes ASN.1 documentation) + +* Version 0.2.10 (2001-11-05) +- Corrected bugs and improved non blocking IO +- Added hooks to use external database to store sessions +- Usual cleanups + +* Version 0.2.9 (2001-10-27) +- AUTH_INFO types and structures were moved to library internals +- AUTH_FAILED is no longer returned in SRP authentication + (any fatal error in SRP means auth failed) +- Introduced GNUTLS_E_INTERRUPTED +- Added support for non blocking IO +- gnutls_recv() and gnutls_send() are now obsolete +- Changed semantics of gnutls_rehandshake() + +* Version 0.2.4 (2001-10-12) +- Better handling of X.509 certificate extensions +- Added DHE_RSA ciphersuites +- Updated the Name Indication (dnsname) extension +- Improvements in Diffie Hellman primes handling + +* Version 0.2.3 (2001-09-19) +- Memory optimizations in gnutls_recv() +- Fixed several memory leaks +- Added ability to specify callback for x509 client certificate selection +- Better documentation + +* Version 0.2.2 (2001-08-21) +- Several bugfixes (library and documentation) + +* Version 0.2.1 (2001-08-07) +- SRP fixes + +* Version 0.2.0 (2001-08-07) +- Partial support for X.509v3 Certificate extensions. 
+- Added Internal memory handlers +- Removed gnutls_x509_set_cn() +- Added X.509 client authentication +- Several bug fixes and protocol fixes + +* Version 0.1.9 (2001-07-30) +- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate) +- SRP is updated to conform to the newest draft. +- Added support for DNSNAME extension. +- Reentracy fixes in ASN.1 Parsing. +- Optimizations in hash/hmac functions +- (Error) message handling has changed +- Better Protocol Version handling +- Added X.509 Certificate Verification +- gnutls_read() semantics are now closer to read(2) - added EOF +- Documented some part of gnutls in doc/tex/ using Latex + +* Version 0.1.4 (2001-06-22) +- Corrected (srp) base64 encoding. +- Changed bcrypt algorithm to include username. +- Added RSA Ciphersuites (no certificate checking). +- Fixes in SSL 2.0 client hello parsing. +- Added ASN.1 and DER parsers. +- Bugfixes in session resuming +- Updated Ciphersuite selection algorithm +- Added internal representation of X.509 structures. +- Added global state + +* Version 0.1.3 (2001-06-01) +- Updated API (and the way it is documented - we use inline documentation) +- Added function to access alert messages. +- Added support for renegotiating parameters. +- Better and Faster Resume Database handling. +- Several bugfixes + +* Version 0.1.2 (2001-05-14) +- Updated API +- Fixes in extension handling + +* Version 0.1.1 (2001-05-13) +- Added compatibility with Stanford's libsrp library + +* Version 0.1.0 (2001-05-09) +- Added SSL 2.0 client hello support +- GNUTLS is a gnu library +- Added support for TLS extensions. +- Added support for SRP + +* Version 0.0.7 (2001-01-11) +- Added server side session resuming (using gdbm) +- Added twofish algorithm + +* Version 0.0.6 (2000-12-20) +- Added client side session resuming +- Better documentation (check doc/API) +- Better socket handling (gnutls can be used with select()) +- Some primitive support for non blocking IO and socket options has been added. 
+ +* Version 0.0.5 (2000-12-07) +- Added Compression (using ZLIB) +- Added SSL 3.0 support + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved.
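Review bot: Two spelling slips in the imported historical entries, "advertizing" (0.3.2, "Corrected behaviour in version advertizing") and "Reentracy" (0.1.9, "Reentracy fixes in ASN.1 Parsing"), should read "advertising" and "Reentrancy"; since this commit imports the upstream NEWS file verbatim for 3.7.9, do not patch them in this hunk but carry the correction upstream, so the packaged file stays byte-identical to the release tarball.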
